ENCOR - Enterprise Network Design

Captions
Hey everyone, welcome back to another ENCOR study group session. Today we are going to be covering enterprise network design. We've been covering a lot of design principles, because what we're doing is going through the blueprint of the ENCOR, and so we're starting right at the beginning with the 1.1 section, and we're going to continue to go through this blueprint step by step.

Now, just as a general "here's how this works" kind of thing: keep in mind that this video has been pre-recorded, and so I am able to answer any questions that you might have as we go through this video. I'm here in the chat with you, so please feel free to jump into the chat and ask your questions. And by the way, if you're studying for the ENCOR and you've got questions about something other than what we're covering today, in other words enterprise network design, then feel free to chime in with those questions, because if not me then somebody else in the chat might be able to answer that question for you and get you going. So this is an enablement for you; this is an enablement for everyone who's going through the ENCOR right now. I want this to be as beneficial as possible to you, and the reason we're doing this in an interactive fashion is for the sake of that interactivity. And I just dropped my pen. All right.

So anyway, today we are going to be talking about three-tier and two-tier designs. What we have is, well, okay, a couple of things. We're going to be covering two- and three-tier designs, in other words when we have to collapse one of our layers onto another, but then we also have to worry about when we have to connect to the access layer, and the access layer can have a lot of different design ideas and philosophies. It can be a layer 2 design, it could be a layer 3 design, and so we're going to cover a lot of the access layer ideas here in the session as well. So without further ado, I think we're going to go ahead and... well, I flipped the pen right out of my hand again. We'd better keep going
before I throw my pen across the room.

All right, so when it comes to architectural design, let me try to think of how exactly to say this: we have to mesh book smart with street smart. In other words, we have to find the balance between what looks good on paper, in a book, designing and architecting these things according to network theory, but then we also have to worry about what is real world, what actually is the best scenario depending on what we are actually faced with. In my background, I've said this before, but I've done hundreds of network designs over the years. My role was working with a Cisco partner, and I went into organizations and I looked at what they had and said, hey, this is what you have and here's what we'd recommend. Maybe your network is 10 years old, or maybe your needs have changed, you've grown and you need to expand your network. Whatever the situation is, we need to build a network architecture around what you need, and that's always going to be the goal.

So let's start off with this concept of a three-tier design. In the enterprise world we like to split our networks up into pieces. Remember we talked last time about this idea of having a core network block, and we also talked about how a network block typically is going to have two switches in it, maybe more depending on what exactly is happening in there, so two for redundancy. And then we're going to connect our two blocks together; I'm sorry, we're going to connect those two switches to the two switches in another block if we want to connect two blocks together. And so this core is supposed to be the hub, sort of in the middle of everything. So we've got this network core, and we are going to connect all kinds of other network blocks to it. For example, the data center, that's a network place that I love to hang out in; we've got all of our servers and our storage and applications and data all stored in the data center. We might have our internet block. But where we're going to focus
today is this concept of a campus. The thing about a campus: it could literally be a school campus, it could be an organizational campus. Cisco has campuses; it's a large enough organization that they've got multiple buildings within a single geographic area of one another, and they call that a campus. And so we have a campus environment with multiple buildings. What you end up having is the need to connect all these buildings to one another, and so what we do is we typically will have a distribution layer in every single building. The responsibility of the distribution layer is, number one, to provide layer 3 connectivity back to the core, and then number two, to provide access to everybody in the building that needs access, and typically what we're going to do for that is to deploy an access layer. So I think I misspoke there: the distribution layer's role is not to connect the people; it's to connect the access layer to the rest of the network, and the access layer is where the users live. I'll write that down here. Incidentally, I need to make sure that... oh, and there goes my camera. All right, I need to make sure that I don't draw underneath my head here. All right, mark that off.

So we have core, distribution and access layers in this enterprise network design. We've clearly laid this out and established this, and so our users are going to connect to the access layer. Our distribution layer is going to be responsible for things like VLAN interfaces, these would be the SVIs; it's going to be responsible for maybe some access control lists, we'll put the ACLs at the distribution layer. We covered last time what the role is of the distribution layer and access layer and such, and so if you missed last time (I keep saying last time because it was two weeks ago), if you missed that session then be sure to go back and watch it; it's here in the same YouTube channel. So what we've built here is a three-tier architecture. This three-tier
architecture consists of a core layer, a distribution layer and an access layer, and each one of these again is a pair of switches. And so physically (I'll erase this here in a moment) what we have is something that looks like this: we've got a pair of core switches connecting to a pair of distribution switches, and then who knows how many access switches. I've been in campuses where we've got dozens of access layer switches; I've even seen a dozen access closets, and each closet would have five to ten switches. So we can get a lot of access switches in an environment. We're going to have however many access switches we have all connecting in through that distribution layer. That's physically what that looks like on the right side. Again, I'm going to go ahead and clear that off so we have space to do the rest of our conversation, but I want to make sure that we have the idea of what this physically looks like. At some point we go out there and we're looking at actual switches, and those switches are connecting to actual other switches, and we do need to translate this conceptual diagram into actual real-world physical connectivity.

All right, so we have this concept of a three-tier design, but this is where it starts to get a little bit away from the book world, because in a real-world scenario my entire organization might fit into this diagram as I have drawn it out here. I might have a pair of core switches and a pair of switches in the distribution layer and a bunch of access switches, and that's my headquarters, and I don't actually have a campus, and so really I bring my data center and everything else into this core switch, and this is my whole network. Okay, that might be the case. But it might also be the case that I am on an actual campus, and so now I've got other distribution switches, other distribution blocks, coming in. So this might be my building one distribution layer, and
then I've got another building nearby, that's building two, and then I've got another building, that's building three, and I might have dozens of buildings on my campus. Each one has a distribution layer, and usually hanging off the distribution layer is going to be an access layer. So again we think about universities, we think about companies like Cisco having a lot of different buildings within a single geographic area. Usually this is going to be connected all together via dark fiber. We call it dark fiber because I light the fiber myself: I put a transceiver or an optic on both ends of it and I light it up. I'm not paying somebody else to light up that fiber, so that's why we call it (I didn't write it out, but that's why I call it) dark fiber.

Okay, so we've got this concept of the three-tier architecture, and you can very clearly see how we have this established where every single building gets its own three-tier architecture, but at the same time you'll notice that we're all sharing that core layer. That's the whole point of a core: to connect all of the different building blocks of our network together. And so all of this is layer 3 connectivity. If one distribution block needs to communicate with another distribution block, then the core will facilitate that. Most of our communications, of course, are going to go up to the internet or up to the data center; we're not typically doing a whole lot of peer-to-peer applications in this day and age.

So all that to say, this is well and good, but now we need to realize that this very rarely fits into an organization, very rarely fits exactly like this into a university or wherever we're deploying it, and here's the reason for that. The reason is that the roles and responsibilities (let me change my colors here), the roles and responsibilities of the distribution layer do not include connectivity to clients. So my users are all coming in to my access layer, and that's great, except what if I need users to come into the
distribution layer? What if I have a relatively small building? I'm bringing my dark fiber into the building. You can imagine this like, I don't know, maybe they converted a house into an office, and so we're bringing this dark fiber across the campus into this little house that's got maybe 15 people working inside. So we drop a network switch in there, maybe even two switches for redundancy because we're trying to do our due diligence, and then I need 15 connections, and they're all within a small space. So am I going to put two distribution switches and then also two access layer switches into this little house? Chances are I'm going to put one switch. Maybe I'll put two switches, but for the most part I'm just going to put a single switch in there and terminate that dark fiber and give connectivity to those who are in the house.

So what did we just do there? If we're going to bring everybody into one switch, what's that concept again? That concept is collapsing. So collapsing means that I'm taking two discrete layers, or two discrete networking blocks, and I'm collapsing them, or combining them, together. In my case with the house, let's say that this is the house here; building number three is just a small house. I'm going to bring these two layers together, these two building blocks together, I'm going to collapse them, and so this becomes a collapsed distribution and access switch. So I'm still running layer 3 back to the core; however, I should also say, from a distribution layer perspective, I'm also running the SVIs and I'm doing any ACL work and I've got the first hop redundancy protocols (I didn't write that over here, but first hop redundancy protocols like HSRP and VRRP and such), and I'm doing all of those things. However, I'm also connecting users, and since I'm connecting users I'm doing all of the roles of an access layer block; for example, we mentioned QoS marking, that's something that belongs on access
layer switches, and so does VLAN tagging and such. So I'm doing all of the roles and responsibilities of both the distribution layer and the access layer, and that's this idea of a collapsed design. So this in a way becomes a two-tier design, because now even though I've got one, two, three tiers here... well, I guess I already wrote that out. This is still valid, right? We still have a three-tier architecture going to building one, and as of right now we've got the same concept going to building two; it's a three-tier design. However, going to building three, that's now a two-tier design, because we have one tier being the core and we have a second tier being the collapsed distribution and access layer. All right, so that makes sense, because again it's just a small house; there's no reason to deploy four switches into this house. I mean, imagine being the network admin going to the CFO and saying, all right, we need 15 users, so what I've done is I've created this design that's got four different switches. The two switches are going to have 12 ports each, that's the distribution layer, but then the access layer switches are going to have 24 ports each; that way I've got plenty of redundancy in case one of those goes down. I mean, the CFO is going to be scratching their head and saying, you know, I think we can get away with just a single switch here; can we just do a single switch?

And this is where we as network engineers get bogged down sometimes in what's right. We have spent so much time studying this stuff and saying, you know what, I've studied it; maybe you've got your CCNA, or I've got my CCNP, or dare I say even some of us may have a CCIE. I've studied this, I've invested all this time into this, and I've read the books and I've read the white papers and I know for a fact that the right design is to put four switches into that place. Now if, yes, if it's a house, you're probably in the back of your head thinking,
okay, maybe I don't actually need four switches here. But what if it was a larger building that still only had about 30 users? Would you still want to deploy four switches, or a single switch? Would you argue for two? Would you argue for four? We always have to find the compromise. Again, working for a Cisco partner, it's interesting, because my job was to come in and focus a little bit more on finding a compromise, because I'm always in the position of, like, this is the best. I've got this great new Cisco technology, brand new switches, whatever it is, and it's the best thing that Cisco's ever created, and oh yeah, you've got a budget that's about twenty percent of what that would cost. So there's always this balance. I'm not a salesperson, I'm not paid based on commission, and so it doesn't affect my paycheck whether they buy one solution or the other, but at the same time I know that there's this awesome solution that would be a great fit here, but your budget isn't quite there. And so my job is to bridge that a little bit, to say okay, what can we do that's within your budget that's maybe the good solution; if you could increase your budget a little bit, this would be a better solution. But very rarely are you going to find that we can triple your budget and say, you know what, let's just do it exactly like the book says and just completely blow past the budget. It just doesn't fly. If you're in a consulting role you understand that, and if you're in an IT role for an organization you might even understand that better than me, because you've gone to your boss to try to argue for more money to do things the right way. And at that point there's a crossroads that we hit as IT individuals. We are kind of stuck in this place where we have to decide: are we going to go along with the business, are we going to respect the business, or are we going to more or less
get in a huff and complain to everybody that they don't respect technology here, they don't respect me? I'm going off on a little bit of a tangent, so I apologize, but one thing that is hard for me as an instructor, and just as a content creator and such, is to see individuals who take it too personally and possibly miss some good opportunities to sit in a role and learn from that role and get all that they can out of that role, even if it means eventually leaving and going on to bigger and better things because the business doesn't respect IT. We in IT need to make sure that we are respecting the business, because the business is what keeps us in business. The business is what puts a paycheck in my pocket; the network doesn't put a paycheck in my pocket. The network does nothing for providing the business with profit. The revenue streams, the profit, that all comes from whatever the business is in business for. The network doesn't write checks to the organization; that's what the customers do. And so if we in IT get in the way of either potentially bringing in revenue or possibly increasing costs too much, then we become enemies of the business, and that is not a good mindset, especially in an age when the organizations that are hiring IT folks like us are looking for level opinions, higher-level thinking. Imagine two network engineers: one who's really, really good technically, and one who's maybe not as good technically but can speak the business language of how to leverage technology to improve return on investment, to take a capex spend, a capital expenditure, and convert that to an opex spend, and how that can relieve profit margin or revenue streams over time. Imagine those two scenarios. Who do you think the CFO wants in his or her corner? Probably the one who's a little bit less technical but understands the business a lot better, right? So think of it from that perspective: the more
that we can be useful to the business, just flat out, the more useful we are, the more invaluable we are, and the more our opinions will be respected. As soon as the business thinks that we're just in the business of building the best network that we can, and who cares how much it costs, that's when the respect for us and for IT in general starts to go downhill. All right, so that's my soapbox. I apologize for that, but at the same time I don't apologize for it, because again I've seen it and it's painful, and we can do better in the networking world.

All right, so let's figure out what works best for each individual situation. Now here's another way that we can collapse. Okay, collapsing can go multiple directions. We've got a sandwich, so to speak: we've got three tiers, we've got the core at number one, we've got the distribution at number two, and we've got the access layer at number three. We can collapse the distribution into the access, which we've just seen, but we could collapse the core into the distribution. For example, let's look at building number one here. What if I said let's collapse these two together? What would be the benefit of that? Think about that for a moment: why would we want to collapse the core and distribution layers together, and what does that accomplish? Well, remember what the role of the core is. We only spent like five minutes on it two weeks ago because it was pretty straightforward: my job is layer 3 switching, that's all I care about; my goal is to take a packet in from one network block and send it out the other appropriate network block, or towards the appropriate network block. So if I have a distribution switch whose job it is to handle SVIs and ACLs and such and first hop redundancy protocols, do you think that that distribution switch could also do some high-end layer 3 switching? In most cases, yes. And so I've got my headquarters, building one is my headquarters, let's say, and yeah, I've got all my access closets everywhere, but here in
my... maybe it's in my data center, or maybe it's in my MDF, where these feeds come in, right? I've got the internet coming in, I've got my data center coming in, and maybe I even have these other fiber connections coming in. Whatever building that is, usually it's an MDF closet or something along those lines. I've got two pretty darn good switches serving as my core. Now am I then going to deploy a pair of distribution switches right next to it to connect all the access closets? Now, if I have a hundred access closets and these core switches are small, then okay, there's value in that, because now the distribution switches can have 48 ports each and connect out to all of the, I don't remember how many closets I said, hopefully that's enough, but all the access closets. That makes sense. But if I've got 12 access closets, or five access closets, and I've got these core switches with all these interfaces on them, what's the value in deploying distribution switches, other than, as we've said already a few times here, just to stick to what the book says and to deploy a three-tier architecture because that's what we wanted to deploy? In a lot of cases, collapsing a core layer into the distribution layer where the core is housed makes a lot of sense. The biggest time that it doesn't make a lot of sense is when you have a ton of access layer closets; then yes, it makes sense physically to have separate distribution switches and then have core switches whose focus is on switching the traffic between all these network blocks.

Okay, so do we see, though, that we can collapse two different ways? We can collapse distribution and access together; that's a two-tier architecture: I've got a core block and I've got a distribution/access block. But I could collapse the other way as well: I could have an access layer switch down here, or an access block, and then I could also have core and distribution blocks collapsed together. This is now a core/distribution
block, or what we traditionally call a collapsed core design. What's interesting in all of this is, even though we have a two-tier architecture now on the right and we have a two-tier architecture here in the middle, look at this building two, look at this right here. This building two still has a dedicated access layer, it still has a dedicated distribution layer, and it still has a core layer. Its core layer happens to be collapsed in with the campus environment at building one, but it's still a dedicated core relative to building two. So we still have a three-tier architecture for building two. This is where it gets grey. I hope we're starting to see this a little bit: it's not as simple as saying you're either a collapsed core or you're a three-tier architecture, especially when we have many buildings that are at play.

And as if that's not enough, check this out. Let me change colors and do one more here. Now we get building four... let me... my brain's going in a couple of different directions here. Let me do it like this. Let's say that headquarters is actually pretty small. Maybe we're at a factory; we've got a campus and it's a bunch of factories, and headquarters is this little admin building with 15 users. Well, now we could have truly, you know, building three is a collapsed... collapsed core, collapsed access layer, collapsed distribution layer; it's a two-tier architecture like we have drawn out. And in building number two, here in the middle, that's a factory where we've got the three-tier thing going. But now at headquarters we're just going to deploy all of this into one switching layer. We're going to deploy two switches that connect out to all of the different blocks in all of the different buildings, and it's going to perform the SVIs and the ACLs for my headquarters, and it's going to connect all my users in; all of my users are connecting in via these same two switches. Now we've collapsed the core and the distribution and the access layer all together. So that's a
completely collapsed design. That's not even a three-tier architecture anymore, I'm sorry, a two-tier architecture; it's a one-tier architecture. This is where real-world design meets book design, and here's the crazy thing about this: did we violate the design by doing that? If we collapsed all of that into a single pair of switches, did we violate the three-tier architecture? Technically we did not, because look at all the roles: we've got layer 3 switching in here on the pair of switches, we've got SVIs and ACLs and first hop redundancy protocols all running on those switches, we've got VLAN and QoS marking happening for the users that are attached to those switches. So we have all of the roles accounted for on that single pair of switches.

So in the end, I have always said that network design is closer to art than it is to engineering, and the reason for that is there's some subjectivity out there, and subjectivity can be a dirty word to an engineer. We're math minded, right? We like two plus two equals four, and therefore there's always a right answer to whatever the situation is. But if it's that small, does it make sense to deploy four switches and still try to get a two-tier architecture out of it? Can we go with two switches and just collapse them all together? There's some grey area in there, and the engineer who designs it is probably the one who's going to end up deciding what is right in that scenario, and nobody's necessarily going to look at it and say, oh, you did the wrong thing. If I were to go into a small building like that, and there's 15 users and you've got switches for the three different layers, yeah, I'd say that we can probably definitively say that that was over-designed. But whether four switches is over-designed or not might be in the eye of the beholder, and that's again where it's a little closer to art than it is to engineering. So there are going to be some scenarios that are very crystal clear on how to
do it, and there are going to be some scenarios that require some opinions, and the best recommendation I have for you, if you find yourself in that situation, is to bounce it off a couple of people. Maybe if you're a consultant, bounce it off the customer, bounce it off the salesperson. I know, right? The salesperson? Yes, the salesperson. They probably have a sense of whether the customer will take offense to you coming in there with four switches, and whether they have the budget for that. That's the kind of thing that weighs into a design like this. So ask some opinions and do your best to find the right solution. If you're an IT person and you've got Cisco coming in and trying to sell you on four switches, ask some other technically minded people in the industry, reach out to somebody in this study group or on Twitter or what have you, and just say, hey, this is what's being proposed, does this feel right, does this make sense? You just gather opinions and you do what you feel like is best, and that's all we can do.

All right, so that is already the first 30 minutes, just discussing two-tier and three-tier designs, and we thought that that was straightforward, right? Two-tier design, that's just going to be collapsed core. Yeah, no, it's not quite as simple as that, unfortunately, not in the real world. Now from an ENCOR perspective, Cisco is going to ask questions about two-tier and three-tier network design. Just understand that we can collapse networking blocks together, and we can collapse a lot of things: we could collapse the data center into the core, we could collapse the data center into the distribution layer in the campus. Collapsing simply means that we're deploying multiple roles onto a single set of switches; that's all collapsing means. So collapsed core, yes, that's typically what we had in green here, where we're collapsing the core into the distribution layer. A collapsed distribution layer can be referring
to what we have here, where we have distribution and access combined together. Usually they'll be a little more straightforward on an exam about what they're asking about than what the real world often gives us, and that's not a bad thing.

Okay, let me clear my screen here, and we will delve into... and mark off where I can't draw, we're not allowed to draw... delving into the access layer. All right, so we have a lot of different options when it comes to the access layer. We drew it out really nice and pretty; we were really more focused on the collapsing of blocks in the last drawing, but now we need to get into not only the physical layout of access layer switches but also what type of access layer connectivity we're going to create. So first and foremost, when it comes to access layer design, we do typically have two main options: the access layer is going to be either a layer 2 design or a layer 3 design. Not to jump ahead or give anything away, but in most networks the access layer is going to be a layer 2 design, and we'll see why here in a moment. Every now and again you will run across a layer 3 access layer, but that's better in theory than it is in practice. Again, well, let's talk about this.

So what are we talking about here, really? We've mentioned having a core, well, I should say a distribution layer; maybe it's a collapsed distribution or collapsed core design, but either way we've got a pair of switches, ideally distribution switches, and then I've got a bunch of access layer switches. Now, these access layer switches: one thing that can get us into trouble as network engineers, when we're trying to merge theory and practice, is the actual physical layout of where all these switches are. So I might have an access closet here, and then I can connect these up, dedicated, to those distribution switches, but then maybe I've got five access switches in the next closet, and so now all of a sudden does it make sense for me to connect all of these access switches to my distribution switches? Yeah, we'd love
to say all right, two connections to that switch, two connections to that switch, but it's usually not going to happen. So in a lot of cases what we end up doing, or I should say what we used to have to do when we didn't have better options, was we would typically loop this through, okay? Spanning tree would block a link in the middle, assuming this is a layer 2 design, and we just made do with what we could. Now there is another design here that's kind of popular, or was popular, which is to dual-home to the head-end switch and then we'd block one of those links, and that made it so that at least we're consistent with how many hops we had to get out to the rest of the network. But the problem with this is, if that switch goes down, then we lose total access to that network closet. So there's really kind of a rock and a hard place conversation. We typically will go with this from a layer 2 perspective. We're going to talk later about chassis and stackable switches and VSS and such, and how that makes our lives easier; for now let's just leave it like this.

So the idea here is this. I've got users connecting into these access switches, and I've got users (I'll draw it here) connecting into these switches. In a lot of cases my users need to be on the same subnet, and there's a lot of reasons for that. Sometimes it's, well, my users need access to a printer that can't handle layer 3 traffic or something; I see that in a lot of factories and warehouses, where RFID scanners have to be on the same subnet as their server. Sometimes it's just flat-out organizational, like I just want all of my users on VLAN 10, I just want them all there so I can apply security policy to VLAN 10 and know that they're on VLAN 10. Wireless roaming was a big problem; there was a big reason for this, because if I roamed from this access point to this access point because I'm walking down the hall, so my wireless user is connected here and then I roam over here, and now all of a
sudden I'm connecting to this access point. Well, I would like to keep my IP address in that scenario. I mean, I might be in the middle of network communications, maybe I'm watching a stream, maybe I'm on a video call, whatever the situation is; if my IP address changes it's going to interrupt what I'm doing. And so we didn't like layer 3 roaming, we want layer 2 roaming, and so this enables this. So a layer 2 domain says that I'm going to stretch my... I'm going to put trunk connections to all of my switches in my access closets, I'm going to extend all the VLANs I want. So maybe this is VLANs 10 through 20 out here, 10 through 20 out here. Maybe, to keep it a little clean, maybe I need VLAN 25 on the second access closet for some reason, so I add VLAN 25 to that trunk link, and all of these are trunk links at that point. That's well and good; it keeps it cleaner because I don't need to extend VLAN 25 to the closet on the left.

That's well and good, but the biggest problem with this design is my increased risk of network outages. We all know it, the industry knows it: Ethernet is kind of a terrible protocol. I've said that before, I'll say it again, it's kind of a terrible protocol. It was a cheap protocol, that's why it won the war back in the day, and we've built the entirety of our modern Internet... oh, there's my camera again... we've built this modern networking world on kind of a crummy protocol in Ethernet. And so what we find ourselves doing here is just dealing with the pain points of Ethernet, one of which, and the biggest of which probably, is this concept of network loops. So I need the redundancy of loops, because if I just do one connection and it goes down then everybody disconnects, and that's not acceptable. So I have to have redundant connections, which means I have to create network loops, which means I have to have, as we all know, Spanning Tree Protocol, STP. Spanning tree is going to go in there, it's going to block one of these links, it's
going to make it so there isn't actually a network loop logically; physically there is, and we're trusting and hoping spanning tree works. And spanning tree, for the most part, likes to work. I can tell you from experience that spanning tree also likes to occasionally completely fall on its face. I could tell several stories of this. Well, there is one where I was in a large medical clinic, this is when I worked for this medical clinic, and we had an access closet, or access switch, that was hanging off of a pair of distribution switches, and my job was to connect the second link up, because we didn't have the fiber run or something like that; we just didn't have that capability of firing that up. This was one tiny access switch that was in a building just off of the main campus. I just needed to connect it back up to the distribution using the new fiber that had been pulled. And so I went there probably about one o'clock in the afternoon or so, right after lunch, and connected that up. Spanning tree should have worked, spanning tree should have blocked that port. Spanning tree did not. Spanning tree took that network to its knees in about 40 seconds. And fortunately I realized it pretty quickly and took it down, but it was a three or four minute outage, and it wasn't a good scenario. Yeah, I had to really state my case, they're like, okay, look, spanning tree failed, it should have worked. And literally the next time, because of course I killed that link to save the network, and when I went out there, in the middle of the night the next time of course, to do this, I did the exact same thing, I just connected that up and boom, spanning tree worked and life was good. So unfortunately I got to experience spanning tree failing at its finest.

I also saw spanning tree fail in a large data center, where I got a call from a customer and their spanning tree process just died on one of their distribution switches, inexplicably stopped sending BPDUs, stopped processing spanning tree packets, allowed the network to form a loop, and took down a data center. And it was a very painful outage for this company, unfortunately. Really, truly, it was very bad, because the data center lost all of its virtual machines; they all got corrupted, because even though the network outage didn't last very long, all the virtual machines got corrupted, and they ended up being hard down for 24 hours just because this silly switch stopped talking spanning tree. So spanning tree fails, and it stinks when it does.

And so the biggest problem with what we're doing here from a layer 2 perspective is that we're increasing our failure domain, we're increasing our broadcast domain. And so the number one, well, I guess those are two separate things. Number one, we're increasing our failure domain: if anything were to go wrong with spanning tree in this, everything goes down, okay? It's not just one access closet, it's all the access closets, because those distribution switches are going to get overloaded and it all goes down, plus broadcasts get propagated everywhere thanks to our trunks. The broadcast domain itself is a separate issue, because even if spanning tree is doing its job, any user that sends a broadcast packet to the network is going to be delivered to every single user on the entire network, and that doesn't sound too bad until we realize how much broadcast traffic there is on a network. There's a tremendous amount of broadcast happening every single day, or every single minute potentially, by a lot of our end devices. So whether it's DHCP related or it's some other application that was poorly coded and it's broadcasting out instead of using unicast or multicast, either way we have to deal with the fact that there is a lot of broadcast on the network. And so the larger we make our broadcast domain, the more overloaded these distribution switches are going to get, and the beefier they have to be from a processing perspective in order to handle the load,
so this is where the concept of layer 3 comes in. Because if I can just get rid of the broadcast domain, if I can just get rid of spanning tree, all of those problems go away, and that sounds great. What if I were to turn these into layer 3 links? What if I made it so it's no longer trunking? Now every one of these dots represents a layer 3 interface, and we are no longer trunking, this is now layer 3. So my closet on the left has layer 3 connectivity to the distribution layer. That means that I'm running a routing protocol, let's say I'm running EIGRP here. It also means that the roles and responsibilities of the distribution layer have actually now been offloaded to the local access switches. So everything we just talked about, how the role of the distribution layer involves the SVIs and the first hop redundancy protocols and the ACLs, the access control lists, for example, all of that now needs to go on these layer 3 access switches. So we deploy the SVIs here, we deploy the access control lists, we deploy first hop redundancy protocols here. So one of the problems, so to speak, with this type of configuration is that it can increase the complexity, from the perspective of now I've got to go around and configure first hop redundancy protocols on every single access switch in my infrastructure, and that's not always ideal. But it's also not a whole lot worse than configuring trunks and managing VLANs, and so to me that's a wash. There's a layer 2 complexity and there's a layer 3 complexity, and regardless of which solution you choose there's going to be complexity; it's just a fact of life.

So what is the disadvantage to this? Well, we already talked about it: if I'm going to roam from this access point to this access point, now it's a layer 3 roam. VLAN 10 is not shared between the two different closets; in fact there are no VLANs that are shared between the closets, because it's layer 3 segmentation between them. We cannot share a subnet
between layer 3 separated domains. So that means that if I have any application that requires layer 2 connectivity, not going to work. If I'm going to do roaming, that could potentially be a problem. Now I will say this: even though we use this as an example a lot, wireless LAN controllers kind of solve this problem for us, because wireless LAN controllers make it so that these access points can be in separate layer 3 domains and they tunnel user traffic back to a wireless LAN controller, and that wireless LAN controller makes it so that even if I roam between access points in different layer 3 domains, I'm still part of the same wireless subnet. Okay, so wireless LAN controllers can make some of that go away, and honestly that was one of the biggest pain points of a layer 3 access layer. So this is why some places do choose to go with a layer 3 design as well: wireless roaming is actually kind of handled for us, we can get rid of spanning tree, we can get rid of trunking and get rid of our broadcast domain issue, these switches might be able to be a little bit smaller, small layer 3 switches instead of big beefy layer 2 switches. Layer 3 has a lot of advantages, but it can be torpedoed by one application showing up that requires layer 2 connectivity. And what's unfortunate is you can design this beautifully, you can do all of the research and do all of the investigation and find out we're not doing any of that, we don't need any of that, life is good, let's do layer 3 everywhere. You deploy layer 3 everywhere, and then your HR department goes out and buys something that requires their PCs, that are located in two separate parts of the building, to be on the same VLAN. And so they're coming to you and saying, we just invested $100,000 in this application and it requires layer 2 connectivity. Again, to our earlier conversation, we as the network engineers have a tendency to say, I'm putting my foot down, we're not touching this
layer 3 design, we did all of the research, you went out, you bought that application, you wasted your money, good day. And how many of you think that that's actually going to work out well for you? The HR department spent their money, they need that application to do their jobs better, and you and me, we are now in the way of that. And so having a layer 3 design, honestly, as much as anything, it brings a lot of risk with it. Like, that's my biggest care about it: I'm risking having to revert to layer 2 because of something that's outside of my control. And so we could spend all the money again and do all the research and do all the consulting and all the engineering hours needed and convert our entire network to layer 3, and then find out we have to convert it back. So layer 3 really corners us, pigeonholes us, however you want to say it; it makes it so that we aren't flexible, and that is a big problem with networking.

So where has networking really gone? Well, where networking has really gone, let me see, can I get rid of some of these layers... all right, look at that. Where we have gone is to embrace... oops, I'm actually creating a layer, there we go... is to embrace layer 2, begrudgingly. We're not doing it with pride, "yes, awesome," that's not what's happening here. We're embracing the need for layer 2, the flexibility that layer 2 gives us. And what we're going to do is, we can't get rid of spanning tree, okay, the dream is to just cross that out and be done with spanning tree. Instead, what we're going to do is drastically reduce spanning tree's domain and greatly reduce our reliance on spanning tree. Here are some of the ways we do this. First of all, some of this technology, by the way, has been around for a long time, so I'm not saying this is new, I'm just saying that this is where the industry went, okay? First of all we have this concept of chassis switches and the concept of stackable switches. Sometimes we'll go with one over the other, and we're not really going to
delve deep into why we choose one over the other, but you know, chassis versus stackable is always a fun conversation. Either way, we take multiple switches. Let's say I've got five switches like I have in the diagram down here, five switches, and I can put them into a single chassis with five different networking blades and maybe a supervisor in there, I think I got six, nice. So I can put them into one chassis, or I could stack them together, and so now I've got five switches that usually have some kind of back-end cable, and it can get a little messy, but you get it, right? Here's the chassis, here's the stack. Either way it's a single logical switch, okay? And so what we end up with, I'm just going to get rid of that other layer, there we go, put layer 2 in there, there we go. So what we end up with is we've got a couple of distribution switches, no need to make it so big, and then we've got a chassis, let's just go chassis switch. So I've got a network closet with a chassis switch in it, and I bring my connections in, and now my spanning tree domain is greatly reduced. Remember that loop, that nasty loop through the access layer? We don't worry about that anymore, okay? We do still run spanning tree in this domain, but there's a whole lot less that can go wrong with spanning tree when only one link is blocked. Well, usually there's one link blocked when we only have three links, so it's a triangle, and we want to get rid of those large loop domains and get as many triangles as we can. And so then I've got another chassis, maybe it's even in the same network closet, and same concept, where I'm going to extend two connections down. One of the other pain points I didn't mention about spanning tree, by the way, is that, well, wait a second here, I've got these fiber links pulled and I'm not using them at all. Okay, we've got about 10 minutes here. So what we can do is... well, okay, let me say that one more time, because I get distracted. So if spanning tree were to
block those two links, right now we are not sending any traffic across these two connections. They might as well not be there, unless I need them for redundancy, unless the primary connection goes down. However, one thing we can do is get a little bit clever: we can leverage Cisco's Per-VLAN Spanning Tree, PVST+, and ideally in this day and age we do rapid, so Rapid PVST+. We'll go with Rapid PVST+, and Rapid PVST+ allows me to have multiple spanning tree topologies. So what I'm going to do is I'm going to deploy two topologies. I'm going to deploy a topology that looks like this, where I'm blocking that link, and then another topology, let's make this topology orange, and that topology is going to look like this. Now these are not new physical connections, this is simply spanning tree topology. And what I can do is I can make it so that, let's say VLAN 20 here, this is the root bridge for VLAN 20, the root for VLAN 20, and therefore my blocked link is over here for VLAN 20. Meanwhile, switch back to that pink and let's call this the VLAN 10 root. So now, because this is a separate root bridge, I'm going to block something different, and my blocked port is here for VLAN 10. What that means is that VLAN 10 traffic gets to go down this link and VLAN 20 gets to go down the other link. Now it's not perfect, because VLAN 10 might have five times the traffic of VLAN 20, who knows, but it is better from the perspective of I can use both links. I can physically use both links; logically VLAN 10 can only use one of those links, logically VLAN 20 can only use one of those links, but I am using both of them by combining that. Now if I only have two VLANs, one of those VLANs probably has way more traffic than the other, but if I average this out across ten VLANs or 20 VLANs or more, well, the law of averages says that I'm probably going to end up with about 50% of my load out each link, which is ideal. So there we go, we've gotten clever using Cisco's PVST+:
we can block different links and make the most use out of our connections. So that's something that we have done in order to make layer 2 more palatable for us: we've reduced the spanning tree domain and we've increased our efficiency, okay? So spanning tree's down, efficiency is up.

However, we didn't stop there, because these two distribution switches, we could combine those into a single chassis. Like, what if I were to deploy a single chassis switch as the distribution layer? Well, let's draw that out. What if my distribution layer is a single chassis, maybe it's a large chassis, I'm trying to draw it large, there we go, lots and lots of blades in it, and that's going to connect down to a single chassis that's in my access closet? Well, when I have a single logical switch connecting to a single logical switch, I can leverage Cisco's Multichassis EtherChannel, or MEC, which is something we don't talk about a lot because we just sort of assume that, you know, there's no magic to it. It's almost one of those things where it's like, I don't know, it's networking magic that we take for granted, the fact that it works. And the reason we take it for granted is because we have one logical switch talking to one logical switch, and we assume that we can EtherChannel that. But there's a lot of magic that has to happen behind the scenes in order to make that actually transpire, because chances are these connections are connecting to different switch modules within the chassis, at least they should be, for redundancy. So we could do that, but okay, that doesn't make me feel great, because now my entire distribution switch, or my entire distribution layer, is a single switch, and if that switch has any freak-out problem, well, I've lost my redundancy in the distribution layer. So instead what we have is a technology that is called, dramatic pause, it is called the Virtual Switching System, or VSS. Right, yeah, all right, good, forgot to put my
big X where I can't draw. All right, VSS, maybe you've heard of this. VSS allows me to take a second chassis switch... did you do what you're saying? All right, Jeff, that's already looking like the diagram in the top left. However, I can actually combine these two into a single switch as well. So now I've got two chassis switches that are combining into one logical switch, and that is what we call a Virtual Switching System, or VSS. Now one of these ports can go to the purple switch, one of them can stay connected to the green switch, and I can still do a Multichassis EtherChannel, because Cisco has created some magic in order to make that happen. Again, logically, what this looks like is one switch connecting to one switch via one connection. This is what it looks like. And so, yeah, is spanning tree running? Yeah, spanning tree is running, we're sending BPDUs down from the root switch, the BPDUs are flowing, but we're not blocking any links, and we don't have a massive broadcast domain to worry about here. There's a lot less that can go wrong in this environment from a spanning tree perspective. Now VSS can be a complicated protocol to deploy, and managing software, doing software upgrades and such, we do introduce more complexity there, but for steady-state network operation things are a lot smoother.

All right, now here's a question: can we do VSS with stackable switches? And the answer, believe it or not, is yes. We are to a point where Cisco has some Catalyst 9Ks that can do VSS between the stackable switches, and so we've got that as an option in some cases. I believe that's true, I might have to double check that, but either way, with the stackable switches we've got a lot of different options there. As long as we can get down to this topology right here, that is the ultimate goal of collapsing this layer 2 design, then the benefits of layer 3 are less evident, because as we do this to multiple blocks, you
know, again, we've got another access closet down here, and we do the same thing. Well, now it just looks like this, where I've got an entire access closet riding on this chassis, and I've got an entire access closet running on, maybe that's a stack of switches, and then I've got the VSS running in the distribution layer. So we start to see how these technologies can really improve our ability to deploy and manage layer 2, let's put it that way.

All right, I know I'm out of time, but I'm going to ask for like three more minutes, because I was hoping to have more time for this. I'm not going to spend a ton of time on it, I want to respect everyone's time, but this is important, okay? Cisco has this concept of Software-Defined Access, or SDA, maybe you've heard of this. If you've heard of DNA, for example, Digital Network Architecture, or DNA Center: DNA Center is an SDN controller that manages Software-Defined Access, which is itself a software-defined networking solution. So many buzzwords, so many acronyms, but hang with me on this. Software-Defined Access does this: it says I'm going to put my, think of them as distribution switches, in the middle here, and I'm going to connect out via layer 3 to all of my access layer switches. Ideally these access layer switches are chassis or stackable switches or something along those lines, because I don't want access switches hanging off of access switches, okay? So if I've got two access switches in a closet, ideally I've got connections out to both of them, and these can be redundantly connected, that's not a problem, it's all layer 3, so of course it can be redundantly connected. There are no network loops in this, which is awesome. So what we've just done here is we've created this concept of an underlay. An underlay, as I like to describe it, is what we really have, okay? What we truly have is one, two, three, four, five, six, seven, eight, nine switches in this network, okay, that's great. I'm going to make this darker, hopefully
everybody can still see that. And the idea of Software-Defined Access says this: I'm going to take these edge switches, and let me just make them a little bit easier to see here, and take these edge switches, and I'm going to form tunnels among all of them, so like a full mesh of tunnels. So this switch is going to have a connection to all of these switches, this switch is going to have a connection to all of the switches, and I made too many switches in this diagram, because now, holy smokes, that just continues to be more and more, but we're almost there. All right, there we go, I think we got them all. So we've got a full mesh of tunneled connections. Now imagine me coming to you as a design engineer and saying, let's do this, let's just tunnel everything together, a full mesh of tunnels. Would you want to manage however many tunnels that is? I hope not. I would hope that you would have shown me the door ten years ago if I showed up saying we should do this. However, DNA Center, which is hard to see, DNA Center, as our SDN controller, is going to be able to deploy these tunnels for us, and these tunnels are VXLAN tunnels. VXLAN tunnels are capable of transferring layer 2 information, which means that even though I have a layer 3 underlay, I have layer 2 connectivity. So if I have hosts on these two switches, I could have them be on the same subnet, on VLAN 10, same subnet, on VLAN 10, and they can send broadcast traffic to each other. This is a layer 3 architecture, there is no spanning tree in this design, and yet I've managed to place these two servers, or whatever they are, PCs, clients, whatever, on the same subnet, on the same VLAN. This is called an overlay. We can't see that, there we go, the VXLAN says layer 2, by the way, layer 2, kind of like that. Anyways, overlay, this is a network overlay, otherwise known as a fabric sometimes. So we create this fabric, we create this overlay, it's a bunch of VXLAN tunnels, and we use a control plane protocol called LISP in order to tie
all of this together. LISP is basically going to say, LISP, Locator/ID Separation Protocol, you've probably heard Cisco say it a couple of times, LISP is going to tell this switch right here where host A lives. Host A lives on switch 5, A lives on switch 5, and now that switch knows that when traffic comes in destined for host A, I send it in a layer 3 tunnel... it's a layer 2 tunnel, VXLAN, but it's across the layer 3 connection, the underlay. I said that wrong. I'm going to send it across the underlay, I'm going to encapsulate it and send it across the layer 3 domain from me, maybe I'm switch 4, I'm going to send it from switch 4 to switch 5, okay? Switch 5 decapsulates it, and because it's VXLAN it carried the layer 2 information, and I can drop it off, with that particular host, or with all of the hosts on that VLAN if it's a broadcast packet. So, truly, okay, that wasn't quite three minutes, a little long, I apologize, but I mean, that's SDA in like a five minute nutshell.

All right, now we've got a lot, there's so much more to cover with SDA. We are going to cover some of that here in the ENCOR study group, so we're just getting rolling with the ENCOR blueprint. Cisco expects us to know about Software-Defined Access, they expect us to know about VXLAN and LISP, we're going to have to have conversations about VXLAN and LISP, and so I just wanted to kind of lay the foundation at this point to say that there is a best-of-both-worlds approach. SDA gives us layer 3 out to all of the access switches and yet allows us to bridge layer 2 among them, so truly spanning tree is gone. Like, remember my little arrows, like we can't cross out that spanning tree, you can only reduce it? Gone. Spanning tree is gone in an SDA environment, and yet we have all of the benefits of having a large layer 2 domain. So that's a pretty good deal.

So in two weeks, on July 29th, we're going to be covering high availability techniques, so that
largely includes first hop redundancy protocols; we'll cover a couple of other concepts as well in there. And again, we're just going to continue to march through this ENCOR blueprint. So I hope this has all been useful for everyone. Please don't hesitate to, again, bring your questions now, bring your questions next time, as you continue to work through the ENCOR blueprint yourself in your own study time. So with that, I'm going to leave this video running for another five to ten minutes, I will be in the chat answering any questions if you have anything. Otherwise, I hope everyone makes it a great day. Bye bye.
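The SDA walk-through near the end of the session (switch 4 learns from LISP that host A is behind switch 5, encapsulates the layer 2 frame in VXLAN, sends it across the layer 3 underlay, and switch 5 decapsulates and delivers it, to one host or to every host in the segment for a broadcast) as an added, runnable example. This is not code from the video, from Cisco, or from DNA Center. The host MACs, the edge-switch underlay addresses 10.0.0.4 and 10.0.0.5, the VNIs 10010 and 10020, and the `HOST_LOCATION` table that stands in for the LISP mapping database are all assumed values, and only the packet bytes are built; nothing is routed or sent on a real socket. The VXLAN header layout and UDP port 4789 are the ones defined in RFC 7348.

```python
"""VXLAN encapsulation/decapsulation for an SD-Access style overlay (added example).
A constructed dict stands in for the LISP mapping database; edge switches are
identified by their underlay (RLOC) address."""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the 24-bit VNI field is valid
BROADCAST_MAC = b"\xff" * 6

# Constructed stand-in for what LISP provides: host MAC -> (edge-switch RLOC, VNI).
# Switch 4 (10.0.0.4) and switch 5 (10.0.0.5) are the whiteboard's edge switches;
# the addresses, MACs and VNIs are assumed values, not taken from the video.
HOST_LOCATION = {
    bytes.fromhex("0000aa000001"): ("10.0.0.5", 10010),  # host A, "VLAN 10" segment, switch 5
    bytes.fromhex("0000aa000002"): ("10.0.0.4", 10010),  # host B, "VLAN 10" segment, switch 4
    bytes.fromhex("0000bb000003"): ("10.0.0.5", 10020),  # host C, "VLAN 20" segment, switch 5
}


def ethernet_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build the inner (layer 2) frame that the overlay carries unchanged."""
    return dst + src + struct.pack("!H", ethertype) + payload


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def parse_vxlan(udp_payload: bytes):
    """Return (vni, inner_frame); reject anything that is not a valid VXLAN packet."""
    if len(udp_payload) < 8 + 14:          # header plus at least an Ethernet header
        raise ValueError("truncated VXLAN packet")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, udp_payload[8:]


def encapsulate(inner_frame: bytes, ingress_rloc: str):
    """Ingress edge switch: resolve the inner destination to an RLOC (the LISP
    lookup) and wrap the frame in VXLAN.  Returns a list of (destination RLOC,
    UDP payload).  A broadcast is head-end replicated to every other edge switch
    that has a host in the same VNI; an unknown host or a different segment is dropped."""
    dst_mac, src_mac = inner_frame[:6], inner_frame[6:12]
    src_rloc, vni = HOST_LOCATION[src_mac]
    if src_rloc != ingress_rloc:
        raise ValueError("source MAC is not behind this edge switch")
    if dst_mac == BROADCAST_MAC:
        targets = sorted({r for r, v in HOST_LOCATION.values() if v == vni and r != ingress_rloc})
    else:
        dst_rloc, dst_vni = HOST_LOCATION.get(dst_mac, (None, None))
        if dst_rloc is None or dst_vni != vni:
            return []
        targets = [dst_rloc]
    return [(rloc, vxlan_header(vni) + inner_frame) for rloc in targets]


def decapsulate(udp_dst_port: int, udp_payload: bytes, egress_rloc: str):
    """Egress edge switch: validate, strip the VXLAN header and decide which local
    hosts receive the inner frame.  Returns (vni, inner_frame, receiving MACs)."""
    if udp_dst_port != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    vni, inner = parse_vxlan(udp_payload)
    dst_mac = inner[:6]
    # The VNI is the segment boundary: only hosts behind this edge *and* in the
    # same VNI are candidates, so host C never sees "VLAN 10" traffic.
    local = [mac for mac, (rloc, v) in HOST_LOCATION.items() if rloc == egress_rloc and v == vni]
    receivers = local if dst_mac == BROADCAST_MAC else [m for m in local if m == dst_mac]
    return vni, inner, receivers


if __name__ == "__main__":
    host_b = bytes.fromhex("0000aa000002")
    # Constructed ARP-style broadcast from host B (behind switch 4).
    arp_broadcast = ethernet_frame(BROADCAST_MAC, host_b, 0x0806, b"\x00" * 28)
    for rloc, packet in encapsulate(arp_broadcast, "10.0.0.4"):
        vni, inner, rx = decapsulate(VXLAN_UDP_PORT, packet, rloc)
        print(f"switch 4 -> {rloc}: VNI {vni}, {len(inner)}-byte frame to {[m.hex() for m in rx]}")
```

Two things the walk-through glosses over show up directly in the code: the broadcast is not flooded over a spanning tree, it is replicated by the ingress edge to each RLOC that hosts the segment, and the 24-bit VNI is what keeps the "VLAN 10" and "VLAN 20" segments apart once they share an underlay. The header itself carries no authentication or integrity field, so the underlay addresses of the edge switches must not be reachable from endpoint-facing ports.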
Info
Channel: KishSquared
Views: 10,050
Rating: 4.9851303 out of 5
Id: iaqitusN7cM
Length: 71min 20sec (4280 seconds)
Published: Wed Jul 15 2020