ENCOR - Network Architecture!

Captions
[Music] all right good I'll bus you're right obese Rhino all right thanks for the follow all right let's go ahead and dive into this now so network hierarchy tonight you know again just to repeat what I already said since y'all didn't hear it we're gonna be diving into more of a design element tonight it's where we're moving on from CCNA I know a lot of you have gotten your CCNA s at this point you've you've started that path that you maybe of going down towards the CCNP which is the Encore what Cisco now calls encore exam so I'd be the enterprise networking core exam really the start of the CCNP journey is probably going to be focused on that encore exam so given that we like to spend a lot of time at the CLI and you know configuring routers and such and I love being in the lab as much as anybody you know it's also important to step back and look at some design elements because you know frankly in our jobs a lot of us the temptation is just to get really really good at the CLI and leave the design to other people but I tell you what if you can speak to network design that's gonna open up career opportunities at a minimum it'll it'll make you better at when you're configuring things thinking through what you're doing and why you're doing it so the design is just it's the why you know like why are we doing it this way why do we build it out and so I know those who maybe just be getting started in this field you haven't done a lot of design and that's fine we're gonna look at some of the building blocks of that tonight so here's the agenda we're looking at the hierarchical network model will sound like a big fancy word our agenda usually is like bullet point bullet point bullet point now it's like each one almost looks like a paragraph our goal network model that we're gonna explore exactly what that is and why why that's important the campus architecture a lot of us have heard of this it's the core distribution and access layer if you haven't don't worry about it 
we're gonna cover that and ideally if we have time at the end we're going to go into access layer design there's a lot of design component design methodologies around the access layer and it just takes some time I guess to wrap arms on all of the different options it's kind of curious because the corn the distribution layer typically considered the more mission-critical layers but there's not that much to them compared to the access layer there's a lot that goes on in the access layer and and part of that's just how large the access layer can get we've got to wrap our arms around that so if we've got time for that we'll hit up the the access layer but for now let's go ahead and pull up this white board and get started so hierarchical network design yeah now we're gonna which is that let me just uh write that out the hierarchical if I can spell it right Network design okay so hierarchy when we're talking about hierarchy usually we think about like different layers stacking on top of each other you know if we think of business organizational charts and things like that like there's a hierarchy you know you go up to your boss and that boss can go up to their boss and their boss can go up to the CEO or what have you and so yeah this hierarchy is just building a systematic structure that allows us to scale I mean the goal of this design is scalability if we can scale a network design from a teeny tiny environment maybe think about a startup shop with seven computers attached to each other via one network switch if we can apply these principles to something of that nature something that's small and yet then turn around and take it up to a fortune 100 company with how large you know those those networks are gonna be with maybe even tens of thousands of users a little you know no longer seven but tens of thousands of users if we can take some Network design principles and apply it across the board then that's really going to help us a lot and that's what this hierarchical 
network design is intended to do so what exactly is it the at the core no pun intended at the core of the hierarchical network design is truly the core a tuck slobs thanks for following alright so we've got the network core in the middle of this design and what we're going to do is we're going to build our now work around the core and so the goal of this is to you know again remember we're trying to think of scale you're trying to make a large network that it doesn't matter how large it gets and so we're gonna use this concept called building blocks so I think about building blocks I've got kids I know a lot of you out there have kids and I mean if nothing else we were all kids at one time and stacking the blocks on top of each other still remember at my grandma's house you know building the I don't know she had some kind of Disney thing from like probably 1950 or something these cascading building blocks that got smaller as you built it up and all the Disney characters on the side of it and so when we take a building block architecture what that's going to look like is as if we're building with blocks we're gonna build these blocks next to each other and the interesting thing about this block concept is I can swap out blocks and I can put new blocks in and in theory it's not going to affect the overall architecture so maybe I have from the beginning a you know let's just draw it down here maybe I have a distribution layer here and maybe I have an access layer I got to remember where my face is by the way so there we go I'll know not to draw underneath my face yeah yeah Lego big pop I tell you what literally an hour ago I was watching Lego masters with my family we've gotten hooked on that show so I don't know if everybody's seen that it's like reality TV except everybody's just building Lego structures and getting judged and so I don't know how quality of entertainment that is but it's pretty it's pretty fun alright so yes as minimum we always have Lego as our as 
as our inspiration here and so what if I wanted to hang more blocks off of this core what if I wanted a data center block what if I wanted a land block my way you know my wide area network you know aggregation coming in all in one block what if I have another building what if I've got a small campus or maybe I've got a remote site that doesn't come in through the land maybe I've got a direct connection to another distribution block I can bring in here and what we're going to find is as we in all of these building blocks to each other for the most part this is going to scale out relatively infinitely you know obviously those limitations to every system and hardware's hardware would mean at some point we run out of ports but the idea here is no matter how many let's say distribution blocks specifically what's in a large university and I've got a lot of different buildings on my campus well every building might have its own distribution block so the question is in this design how many buildings can I support can I support 5 10 15 50 buildings and ideally the answer is yes to all of those because I can continue to connect multiple and more distribution blocks in I know am i drawing I'm eventually gonna run out of space but as long as I've got ports on that network core this is going to scale a lot to however many distribution blocks I want and the best part about this is no matter what let me change colors here just to make this clear if I'm talking between blocks let's say I have a computer here I have a computer all the way across the network down here it looks like I'm my drawing it's all the way across the network but no matter what I connect in so here's my first destination then I hop once up to the core I hop twice over to the data center I suppose is where I drew this one and there we go so really I went through three blocks two hops however you want to call that but it's very deterministic as far as what my pathing looks like it doesn't matter whether that 
host was up here off of this distribution block or down here off of this distribution block you have it down with that access block which is where a lot of hosts are gonna be you know it's an extra hop but we'll get into distribution access is sort of its own thing but either way right now you can see no matter where in the network I'm communicating it's just going to hit one block then the core the core will always be in the middle and then some other block and what we're trying to do is we're trying to get away from this called an organic way of building networks like let's take that startup company for example let's just get another here well this company let's say we've got 7 users 2 3 4 5 6 7 we said 7 users to start with and they're all connected one switch and everything is going good except eventually we get to the points that we've got now you know 50 users well now we've now I've got 50 users we can't support 50 users on one switch so what do we do we hang another switch off of it right and so now we've got multiple users hanging off of that and eventually need a third switch so we're going to hang our you you know those users off of another switch and and now we need to bring you know we have the internet coming in to a firewall let's say so this firewalls going to come in to that but you know and we've got maybe a few servers connecting in here as we grow our network but as this grows out we say ok well now I need another server or another switch rather and you know we've got so many servers it probably needs its own switch let's get a switch over here for it so it's servers and well now we need redundant connections right you know you see start to see how quickly this can get out of hand and what if we bring in another building now we like oK we've we've occupied the suite down the down the hall and we're gonna bring this in and the closest way to bring it in is via this switch well it wouldn't be better if it was coming into the course which you know 
I mean but yet this is sometimes how networks get built is they get built organically it's just sort of a hey we're gonna make this work the priority is making it work the second distant goal is to make it pretty and we don't we just don't care about making it as you know pretty as much as we care about making it work and I'm guilty of that we're all probably guilty of that on some level like you know what just yeah let's just make this thing work and we'll worry about cleaning it up later and later never comes and so we don't actually make it look clean and so we think about a network the size of Cisco being built like this it would not work I mean I don't know how much larger we could make this network before it starts having some major issues and we've barely gotten into the maybe a couple hundred user range so I get I mean I've been in networks of all sizes I've networks with basically just one switch in the middle and a large chassis switch and it can support 2 or 300 connections and all of the connections are coming into one switch and that's certainly an option but we need something that scales to very very large networks and that's exactly what this hierarchical network design gives us now you know the question might be well ok Jeff that's great but does it scale down you know to the 7 user architecture and it kind of does I mean there are certainly gonna be limits to how small it can scale but we will get into a little bit of that smaller scale here in a little bit all right so let's go back to that building block diagram here we'll pull up what we had a moment ago maybe switch colors up a little bit so this building block design relies on something we call the plagued places and the network cisco has abbreviated that as pin before P I n and really what we're doing is we're focusing on what these different building blocks could be so we we know about the core and a lot of us have probably heard of this distribution and access but maybe we're less familiar 
with some of the other building blocks so most commonly the building blocks that we're going to see I've got a couple of them on here my favorite is the data center just cuz I love data center technology so the data center would be where our data lives that would be an appropriate name for the data center if it's holding our data and then also the applications so anything you're logging into to do your job it usually lives in the data center so if it's a web application if it's a you know timekeeping application if it's a payroll application if it's just flat out you know it may be it's like an ERP system you know those kinds of things anything that we're logging into again we're doing our job we would track inventory in this application and we and we you know for human resources we track employee information and that and so we've got in in the modern business world we've got dozens if not well not dozens I mean truly we've got hundreds and thousands of applications depending on where you end up going what what field of work you're in and so the applications if they don't live up in the cloud which we're going to talk about next week by the way so come back next week to chat a little bit about cloud versus on-prem deployments but if the apps don't live up in the cloud they have to live somewhere and usually they live on servers in our own data center so data and apps this is what the data center is all about that would be one of those places another one here is the LAN so the way is the wide area network this would be off our remote location so typically we need a router ideally a pair of routers to be redundant and those are going to terminate into when clouds and you know connect to all of our remote sites so we think about retail you know all these maybe malls or standalone stores that some of these large retail organizations have or you think of a bank you know I mean I've I've done a lot of support for a bank in my area that has any there are over 100 branches 
you know and not to mention ATMs and so a lot of those locations are tied in through the wide area network I know in a lot of cases you know if you're a just trying to say like maybe like if you're a local financial firm or you're a local consulting business or something like that I mean you're not gonna have to worry about a wide area network but the right the right business is going to have to worry very much about their wide area network I've been doing a lot of on cord nuggets on software-defined weigh in right now so this goes new sd1 technology is huge and and taking off and so that is something that is on the Encore blueprint so if you don't know anything about Cisco SD win you're gonna need to ramp up your knowledge of it if you're hoping to go get the ccmp routes which this NGO wants us to know about that now what's another one so usually the internet block is another one that one's not on our drawing we could we could draw it down here the internet I know a lot of our you know a lot of smaller mid-sized organizations don't take offensive this describes your like we're not small doesn't really matter how many people or how physically large but from a network perspective how large you are you're gonna bring your internet into a firewall in that firewalls gonna terminate into your core and that's not really an internet block typically we have an internet block you have a pair of redundant routers you might have a bunch of services tied into there like a web email or web or email security appliance you might have a next-generation firewall you could have a DMZ you know that just depending on the scale and the complexity of your internet circuit connections that would warrant considering it to be a separate Internet block so those are those are some of the most common internet networking blocks so if there's anything I left out then be sure to chime in to the comments so that we can or into the chat DMZ so the demilitarized zone thank you big pop I should have 
clarified that so for those who who aren't familiar with it yeah you said it right before I said it I think but I should have clarified it a demilitarized zone is effectively an area between you are networking the internet so classically you'd think of this is my network I have a big ol firewall and there's the internet and that's well and good except what if I need some a device to have dedicated net internet access but it's really part of my network well in those cases I wouldn't want to put it out in the Internet because you know then it doesn't have all the protections of my firewall but I wouldn't want it to be inside my network either because if it gets compromised because it has you know people are accessing it via the Internet and maybe it does come under attack well I wouldn't want them to be able to launch attacks on my network from this exposed host so a demilitarized zone is a good place to put servers where they basically have access to both they'd have access to the protection that my firewall gets but also if they do get compromised they can't attack my network so whoo that's a lot so anyways any other places in the network I don't see anybody chiming in I can't think of any right offhand there I have seen it said there's like a network services block I don't have you've ever heard of that one this one is kind of a curious one where if you have a lot of network appliances we think about some of the ones I listed honestly which are security minded like the web security appliance email security next-generation firewalls you might have a like Network load balancer in some way there could be a lot of different you know Wireless LAN controller would fall into that category actually maybe a software-defined networking controller so it's basically a place to put all of the stuff that controls the network and that interfaces with the network but I will say in my experience very seldom if ever do you know large worldwide organizations sure but for the most 
part you're gonna deploy those services out into other blocks where they are really needed so again web security appliance would go into the internet block and wireless LAN controller would go into a distribution block somewhere and those those are kind of how we typically do laut those network services big pop up question so Cisco CCNA was big on the three layer hierarchy all these blocks fit into that funny you should ask that's exactly what we're gonna talk about next so with that let's go ahead and get some of these drawings this this drawing cleared out I still need to hold up I got a I got a draw an X that stays on my screen so I don't forget where it uh so I don't forget and start drawing all over myself well under myself so you guys can't see this is no there we go all right so now I got that done let's go ahead and start drawing some of this cooking while learning hard to be timely with the comments well good it's dinner time gonna make that up I I gotta say anybody's tuning in I know it's the world's a pretty crazy crazy place right now but we're looking at March 17th which is otherwise known as st. Patrick's Day so I applaud everybody who's giving up their st. 
Patrick's Day to be here to talk about network architecture very good so again options for going out are not the greatest right now but you know at the same time I'm just going to pretend like everybody would be here still even if they would both the bars were open so all right so let's talk about this concept of campus architecture so this campus architecture is big poppa what you said in the comments there or in the chat are key I can only do one thing at once archetecture there we go campus architecture campus architecture is this concept of access distribution in core so let's talk about this in in pretty good detail and then we're going to bring this back to that concept of the hierarchical Network design all right so the campus architecture is this idea of having a core layer a distribution layer and an access layer and we need to discuss all three of these in more detail because I mean I've taken Cisco exams or like which of these are the properties of the core whatever you know and so like we need to know and understand exactly what each one of these core or each one of these layers do because this go expects us to know this for exams if you're going for the encore exam not but that said we need to understand it for real life too so don't don't make the mistake of thinking this is only for exams all right so let's start at the bottom and work our way up okay the access layer this is where all of our devices are going to connect so devices will connect into the access layer this means we're all about connectivity at the access layer what happens when a PC let's say my PC is connected into the switch or into a switch at the edge so I'm connected into an access layer switch what's that switch doing to my traffic well one thing that comes to mind is QoS marking you know this access layer is going to mark my packets with QoS tags this is where I might get marked with a QoS tag of 1 or hey you know what that might be the what we call the trust boundary so I might 
say because I've downloaded some cool software and I I set my QoS tag to be super high priority so I can watch Netflix all day and not get interrupted by that nasty email and videoconferencing traffic right that would be being a bad citizen by the way but if I were to maliciously or otherwise mark my own traffic then the switches I'd want the switch to realize that and say hey that's great but I don't trust you I'm gonna make you a QoS tag of zero like the rest of the world it's a very important part of that Big Papi you've got some ideas port security bpdu guard absolutely those are those are additional services so general I'll just say security that could include port security like you mentioned that can include a CL enforcement we do a lot of access list enforcement as close to the edge as possible what we'd like to say as close to the source as possible because you know technically there's an edge on the other side but you know we don't want traffic if we're gonna drop a packet we don't want it to go through the entire network before we drop it we'd like to realize early on that we'd supposed to drop this packet rather than sending it all the way through the network one packet doesn't seem like a big deal but can you imagine if some host just started a massive stream onto the network that is gonna get all the way to the other side of the network and then get dropped well we don't want that massive stream going the entire time and just getting dropped you know stop it at the ingress switch so access list enforcement would be best as close to the source as possible Keith you say so yeah so more spanning tree so bpdu guard from big papa keith says portfast all of these are spanning tree concepts so these are services that are provided at the access layer as well so so that's the access layer again it's all about connectivity so we're connecting things like pcs we're connecting things like even access points those are other networking devices but those connect in 
at that layer we've got phones I have to think about phones we have to think about printers what else we got out there cameras security cameras or maybe hey video conferencing systems so yeah I mean anything anything that's connecting in at this into the network should be coming in at the access layer distribution layer so I've got a network of 500 users and every switch I deploy can support 50 users well round because it usually is 48 right so 500 users 50% be 10 switches I've got 10 switches so imagine a network of 10 switches 1 2 3 4 5 6 7 8 9 10 I've got my 10 switches how am I gonna connect all these switches to one another and okay well we could have a lot of ideas here you could say well let's let's form a ring you know all of them are connected in a ring and that's actually not a terrible idea that's early networks were built around this model and you know there's some problems with it namely if I want to get from this switch here to that switch over here that's a very long journey so that that's problematic and that you say well what are the odds of that well yeah ads are pretty good especially if you know my internet connection hangs off of that switch and a lot of my traffic is gonna be bound for the internet so yeah that's not the most efficient use of our resources so maybe that's out so we could do a hub-and-spoke that's a pretty common one so we'd make one of these switches our hub and that's that's really great because now everything is 2 hops away so assumedly my Internet's connected here so I only have to go straight up to this switch to get out to the Internet that's awesome the problem with that is that that switch is not redundant so we'd probably want to switches to have connections to the internet but now we need to connect all of our other switches to that switch and you can start to see that this gets very messy very fast you know if I really wanted if I had a you know situation where all of these access switches were just as likely to talk 
to each other as anybody else now I need a full mesh you know now I need all of these switches to talk to every other switch in the network and like this drawing is getting so busy it's gonna start causing panic attacks and people this doesn't work this doesn't scale out very particularly well this would be the wild wild west kind of what I described earlier about a startup company that organically grows a network this is an organically grown network this is like okay we're just gonna have another switch around another switch before you know we've got ten switches we met while we were doing redundancy we're connecting all these switches to each other wouldn't it be better if we took our access switches however let's just draw these 10 out boy 6 7 I'll go this way 8 9 and 10 so I've got 10 switches now what if I brought those all into the same pair of switches so yeah there's some redundancy here that's you know we want to make sure oops there we go that were redundant lis connecting all of these switches and that is still a lot of connections however it's a very clean architecture I mean compare the drawing on the left to the drawing on the right at a minimum what happens if I add an 11th switch to either architecture well if I add an eleventh switch here I just need two connections to go up to the new distribution layer switching if I had an 11th switch over here I might need one two three four five six seven eight I mean it just starts to become a small nightmare in a way what we've done is we've embraced that initial hub-and-spoke concept and said okay well what if you know we have these two hubs in the network and and they're all gonna reach out to the access layer switches and that would be a hub-and-spoke architecture it's effectively what we're doing with with this side and scrapping all of the the full mesh partial mesh extra resiliency on the right which you know I say Maggie that could sound bad we're sacrificing resiliency but we're not really where 
we're keeping this if we're making this very resilient every switch has access to at least two upstream switches at some point that's good enough from a resiliency perspective okay so well so this right here would be our distribution layer now typically a distribution layer is going to consist of only two switches and it can consist of one like maybe a highly resilient chassis switch or you know double supervisors and all that we could make one big switch be the distribution switch but generally speaking we went to four resiliency a redundancy in case one of them goes down that way all of our access layer switches can still get up to the core so what's the core doing in all this well nothing really in this architecture and I'll explain why if we connected a core into this architecture here's our core switch and let's say this is the entire network what's it I can connect up and make full a full mesh of connectivity here and so the distribution layer and the Kuril a are all talking to each other but what traffic am i handing off to the core layer well right now nothing because all I have is a sizable access layer and a single distribution layer and assumedly all of the connections you know everything I'm gonna be connecting to is down south of the access layer so most of my network traffic at this point is going to be going up to the distribution layer and back down to another access layer switch that course which isn't doing a whole lot at this point in time but as we relate it back to the previous drawing we know that the core is going to give us access to other network blocks okay so so that's where if the internet lives out the core interface you know passed it out past the core block then I would now I would be sending traffic to distribution which hits the core and which goes off to where it's trying to get all right yeah the core the core core switches are can be expensive I will say the network core can be one of the cheapest of the you know the network 
elements it's about this way that you still only need two switches so even if they're expensive switches you're only buying two versus access layer like in our network we need eleven of these now there are a lot of organizations where I've seen them you know I've consulted for a lot of organizations over time and you know every now and again I kind of I almost have to catch myself falling into the same trap which is like well these core switches seem a little bit more expensive but like well this court refresh is like a tenth of the access layer refresh that we're looking at doing at the same time and simply from a quantity perspective so you do not want to short yourself by deploying coarse switches that maybe save you a little bit of money but don't actually do it you need them to do all right we'll get two collapsed core big poppa that is a good point the collapsed core is definitely a great option so two different ways I'm trying to decide where to go with this I want to I want to come back to the building network building block real quick all right let's let's give us a new drawing here your drawing space okay so you'll be popping yes a good question which is what - how does this core distribution and access concept come back and come back to the the building block the hierarchical network design model a vertical network model however you want to say the building blocks well here's how it works so we have this concept I'll just start and you will try to draw right here so this concept of core distribution access we just described and we know now a lot of the qualities of the access layer we didn't actually talk much about the distribution layer the distribution layer typically you're going to have the first operator does he protocols here you're going to have switched virtual interfaces here you're going to have routing protocols show up so ya GRP and OSPF we'll show up on your distribution layer and so that's those are the properties of the distribution layer 
we'll talk more about the core in a second so here's the concept I've got a core distribution and access for my main building my headquarters location let's say this is headquarters HQ alright next I need to bring in another building so now I've got a second building that's maybe it's down the street or somewhere I've got like dark fiber connection doesn't matter how it's connecting in but you know it I've just got another building so that buildings going to have an access layer let me draw it as a different color so now that building has an access layer and then that built the same building it's going to have a distribution layer as well and then that building well does it have a core layer the idea of the core layer is naturally to be the network core and then don't want to core layers that doesn't make any sense so instead we're going to do is we're going to tie that distribution block into the existing core and so this becomes my network core now I've got all you know my connectivity starts to branch out in this fashion so most of our network building block architecture has hierarchical Network that we're building we want most of those blocks to tie directly into the network core that's the ideal however one exception to that will always be the access layer because the access layer is going to connect into the distribution layer first and the reason for that is because the access layer is huge in some cases we might literally have a building with 50 access layer switches now we don't want to connect all 50 access layer switches directly to the core as much as anything because then we'd have to have these services existing on the core as well so the distribution block a lot of serves as the intermediary between the access layer and the core and that's a good thing so now we can start to look at other blocks coming into the network so let's say I've got 30 remote sites I'm gonna build a couple of routers here that bring all of these remote sites in this would be 
my WAN environment. Now this becomes a building block, this is my WAN block. Well, my WAN block is going to connect in to the core block, and so we're starting to see where this core concept starts to come to life, because the core now is serving a purpose. Before, remember the example where we're basically just access layer switch to distribution switch back down to access layer switch? We're no longer in that situation. Let's build the internet block: so we've got a couple of routers connecting out to a couple of different internet service providers. So this is the internet block, and we've got that connecting into the core. So now what happens is I've got a host that is down here connecting into the access layer block, and he needs to get out to the Internet. Well, it's gonna go all the way up, distribution, core, and then out to the Internet block. It's no longer just up and down, which, if we had that, we wouldn't need a core, no true network core. So this is where the core starts to give us that scalability. Again, we've already mentioned the data center: if we have a data center block out here, the data center, interestingly, by the way, does kind of mimic a headquarters location. The data center might have a distribution block; we usually call that the aggregation block. Aggregation and distribution mean the same thing from a network perspective, but we like to call it aggregation so we know that we're talking about the data center distribution instead of a campus distribution. And really, again, in that data center we'll have an access layer as well; now we have servers attaching rather than PCs, we might have storage there, where all of our data lives, applications, all of that's coming into a different access layer. So now that can come in to the headquarters as well and be its own block. So now this core is really coming alive, and here's the one biggest thing that we care
about with that core. Remember we've got access layers, all of the QoS and ACLs and connectivity; distribution layers, HSRP and SVIs and routing; the core layer has one very simple job, and it is fast layer 3 switching. This is what we want the core to do; that's all we should care about. We don't need the core to do fancy things, and we don't want it doing fancy things if it's a dedicated core. So in this case, in this drawing that we've created, the network core is only responsible for bringing traffic in from one block, figuring out where it goes as quickly as possible, and sending it out towards the appropriate block. That is the purpose of a network core. We don't want it to be doing first hop redundancy protocols for access layer devices, we don't want it to be doing security services, wireless LAN controllers, we don't want wireless LAN controllers attaching to the core. We want the core focused; its configuration should be very light. And from that perspective, core switches do need to be layer 3, and they need to be good layer 3 switches, but compared to a large chassis distribution switch, sometimes the core switches can be cheaper. So this is where, for those who have seen it, Cisco has the Catalyst line of switches and specifically the Catalyst 9K switching line. So these Catalyst 9Ks are sort of where, you know, Cisco used to have 2000 series switches and 3000 series switches and a bunch of different switches, 6500s and such; they put everything into the Catalyst 9K line now, it's really just kind of skinnied down. And so, for example, they have the 9500 switches; well, these 9500s are supposed to be core switches, that's what they're designed to be. They can be distribution switches as well. But we also have 9400 switches; these 9400s are designed to be distribution and access switches. And then you've got the 9300s, and these are designed to be access only. So Cisco designs switches around this hierarchical network architecture concept. Okay,
so I got a few comments here, let me review these. So Keith, good to see you, Keith, thanks for joining us. "Are layer 2 cores a thing?" Not that I've ever seen. You tell me if you've ever seen a layer 2 core, that would be impressive. The closest thing I can come to on that would be like a Metro Ethernet WAN service provider, where you've got a WAN service provider that's providing connectivity to dozens and dozens of remote sites and they can all see each other in this layer 2 domain; like, that's what jumped into my head. But yeah, that's a fun question, but I don't think so. But again, you tell me if you've got something on your mind there. Big Poppa: "so really the core is the heart of the large enterprise network." Michael: "collapsed cores good for a small/medium but not larger ones." Yeah, you got it, and we'll talk about collapsed core here in a moment. Keith: "with blocks peering at layer 3 with each other." With blocks peering at layer 3, yes, thank you. I have not gone into layer 2 and layer 3 yet; I probably should have, in hindsight. I was planning on covering that later with the access layer concept, but yes, Keith is absolutely right, all of these are layer 3 connections. So yeah, let me just go ahead and point that out since you brought it up, Keith, and it's a good idea to bring up our layer 3 and our layer 2 concepts. Usually where we're going to build layer 2... let's draw a line right through, whoops, I picked the wrong layer, draw a line right through these distribution layers. Typically we're going to have layer 3 connectivity above the line, and we're gonna have layer 2 connectivity down below the line. Now you can extend layer 3 to the access layer, and again, if we have time, we're gonna cover that later, but I will say in practice I never see that. I shouldn't say never, never say never. I very seldom see layer 3 access layers. I'm sure somebody in our comments will chime in and say our access is layer 3, and somebody will prove
me wrong, but for the most part the access layer is going to be a layer 2 connectivity conversation; everything above that, distribution and aggregation layer, will be layer 3, so that includes really the core, all of this. So when I said fast layer 3 switching, that's what I was referring to, the fact that we're very quickly looking at our routing tables, which really are just our CEF table lookups, Cisco Express Forwarding; we're looking at the FIBs and adjacencies, for those who have been studying that. Long story short, though, we're bringing a packet in, we're trying to figure out where it goes as fast as possible and send it out the other side. Okay, all right, what is up next? So we've covered... oh yeah, collapsed core, let's talk about that. Okay, so what if... let's just start from scratch, that drawing is getting pretty busy. So let's say I've got my... we're talking about our startup again, we're building it the right way, we've got our access layer block here and we've got our distribution layer block. And okay, so I want to bring my internet into my network. Well, it's not really a block at this point, but let's just say it is a block; we're gonna draw it right here, draw the internet block. So the reason I drew it there is because the question is this: do I need a core block? Remember early on I said there's no reason to have a core block if you don't have multiple blocks. I mean, the whole point of having a core is to forward traffic between the blocks. So now that I have a distribution block, and, because the distribution and access are connected, now that I have a distribution block and an internet block, I need a core block, right? I connect my distribution to core, core to internet. Well, is the core actually doing anything? I mean, all it's doing is handing traffic back and forth between two blocks. So really we could say no core block, and just connect that internet block in. Now even better, more realistically, let's say that this is
let's say I have two different buildings, or maybe it's even parts of a building. I mean, these distribution blocks could be a physical limitation; maybe my building has an old part and a new part, and the best way to get all the access switches in the old part is to their own dedicated distribution switches. And now I've got two different distribution blocks; do I add a core block? Well, again, we're growing organically, let's just connect our two distribution blocks at layer 3 and call it good. Hey Doc, thanks for the follow. So now I've got two distribution blocks connected at layer 3, not a problem, this is going fine. But business is good and we expanded; now I get a third building, or maybe more realistically let's say I've got a colocation facility, so I've got a data center, a fledgling data center that I'm building up, and I'm putting some devices out there. And so now I've got this data center out here, I've got another block. So do I need to have a core layer? It's becoming more useful to have a core layer, but I could just connect all of these really at this point and just throw the layer 3 in the middle here and say that this is all layer 3. So now I've got this three-way communication happening among these three different blocks, and that's fine, this is good, this is working just fine. So we call this collapsed core, in a sense, because there is no core; we're collapsing the core into the distribution layer. One of the biggest questions might be this: where does the internet live in all this? So let's just say that the internet lives out of this original distribution block. Well, that distribution block, you could argue, is a little more important than the other distribution blocks: it's got the internet living out of it, maybe our CEO lives there, what have you, whatever the situation is. We're gonna call this a collapsed distribution and core block now, because it's serving not only
the purposes, the function of the distribution (remember we talked about that: the first hop redundancy protocols and the switch virtual interfaces and the routing protocols and such, all that's running there), but it also has to fast switch between the data center and the internet, or what have you, or that other building and the internet; it's got to be responsible for that. So at what point does this get large enough that it justifies a true network core? It's a little bit subjective. I hate to say it that way, but it kind of is. At what point is it justifiable? I mean, is a core going to help us? Like, what happens if we deploy a core but that core lives here at this physical building, and now that building is cut off; did the core do us any good? From a resiliency perspective, no, not really. But what if this block right here, again the same block I keep pointing at, now those are two switches that are overloaded and they're at high CPU, and I need to invest more money into building these switches to be bigger? Well okay, I've got three blocks at this point, I might as well go ahead and expand with a true core switch. I mean, that's the conversation we're going to have. So Big Poppa knows that line: "but better to introduce a core layer earlier than later." Even that I would argue is a subjective statement, because you can last for a long time without a true core layer and you may never actually need one. And so by the time you go out and buy two core switches and put them into your network, I mean, it will make it cleaner, but at the same time, what's the bang for the buck? If I now add another distribution layer, let's say I'm a school and I just built another building next door, bought another building next door because my school's growing, now what do I do with this fourth block? I mean, this is where we start to see that it's getting complicated without a core. I could just connect this in to that
distribution/core layer, the collapsed core layer, because that's the important one. But if that link goes down, then, I mean, everything else is up; I'd hate to lose network connection just because somebody came by with a lawnmower and chopped through the fiber or something. It's gonna happen, a backhoe eventually finds the fiber. And so let's connect that in over here, and at that point we've almost got a full mesh, so let's just go ahead and connect over to the data center, because I don't want the traffic to be going down to the building and then up to the data center; that seems like it's gonna cause network issues. And so this is where it starts to get cumbersome to not have a true core layer, and so we would say, you know what, let's just go out and get a core layer. We deploy that core layer here in the middle, it takes over those fast layer 3 connections, we bring the Internet in here so it's no longer coming in there, and now we have all of these blocks coming in to a true core layer, and we start to see that, oh yeah, this is a much cleaner design; again, sort of that hub-and-spoke. "So it depends on corporate vision for the future." I mean, none of the decisions are really up to us in IT, right; we've got to at some point accept that if the business doesn't see the value in spending the money, they're not going to spend the money. And I'll tell you this too, this is a little bit of a soapboxy thing, so forgive me, but we, and I'm guilty of this too, we in IT love to look at this and say, darn it, we need a true core layer, and so we need to go out and buy these two switches. And so you go and you price out two switches and you take it to your boss, and they say, oh, what's this for? And you're like, our network is too big, we need two core switches. And your boss is gonna be like, I mean, the network is fine right now, it's working, isn't it? And you'll be like, well, it is working, but it doesn't look pretty on paper,
and they're not gonna care. I mean, we need to be able to articulate business value. We would need to go and say, this is going to improve our uptime; we have single points of failure in the network that could cause business outages; this is going to create resiliency. Business continuity is one of the most important lines of thinking right now for a lot of companies, especially with what's happening today; keeping our network online and keeping our users connected and able to do their jobs is a big deal. And so using that verbiage, the business world verbiage, to justify expenses is way better than taking basically network jargon to our bosses and trying to... Big Poppa: "we ask for the maximum, accept what we can get." "Facebook works fine as it is." I mean, again, in IT we're used to that. But I tell you what, if you can learn the business language, for example if you can go to your CFO and speak to converting your CapEx spend to OpEx by embracing a more cloud-centric model, all of a sudden you're speaking the CFO's language, and the CFO is gonna be a lot more interested in what you have to say than if you just went in there and said, we need to move things to the cloud. Hopefully that makes sense. But when we're in IT, one of the biggest shooting-ourselves-in-the-foot moments tends to be when we get so focused on the technology that we forget that we're supporting an actual business that needs to stay in business. The CEO and the CFO, they care a whole lot more about making sure they can make payroll, a whole lot more about making sure that they can keep, for those who have shareholders, the shareholders happy, the board happy, whomever they're trying to keep happy; that's what they care about. And ultimately, hopefully, they're trying to provide a service, a high quality service, to their customers: customer loyalty, customer spending, a customer-first mentality; I mean, like, that's
what their focus is. So they don't care about a pretty network drawing. So if we can embrace that, embrace their verbiage (again, I told you I'm gonna soapbox, I'm still on that soapbox, I'm gonna get off in a second), we are much more successful at our jobs when we're looking at technology as a business enabler, and we can turn the conversation away from network architecture jargon and over to how we can improve business processes, how we can improve our bottom line, if that's even a thing. And so the example of this would be, rather than focusing on a true network core, focusing on business resiliency and staying up in the event of an outage, single points of failure; we could lose a lot of revenue every single day if a backhoe took out this particular fiber strand, or what have you. All right, Big Poppa: "makes total sense, we have to help them understand why keeping the network working and smooth translates to better value for the company." We tend to make the assumption that they know that and they understand that; it doesn't always work out that way, and we can't always change their minds, and that's okay too. I mean, those situations are frustrating, but I've been there where a CEO, or maybe even a school superintendent, is like, well hey, our teachers can still teach if the network goes down, it's not a big deal. Ask the teachers in this day and age whether they can teach without the internet, because for a lot of them, all of their lesson plans are on the internet, and they've got plans to watch videos and to have maybe a video session with another class in a different school, or to connect to a scientist to talk about this or that. So if you just tell them, hey, the Internet's gonna be down today, sorry, that might shoot their entire lesson plan. And so there's a disconnect between what the CEO, or superintendent in that case, I suppose, what the leadership thinks they can do versus what the users think. You
know, I mean, if the CEO says we can go without email for days, just email... ask the sales team, can you go without email for a day? Because they're immediately gonna think, well, I'm gonna get the biggest order of my year on that day as an email, and I'm not going to respond, and they're going to get mad and take their business elsewhere. Because if we're in sales we're paranoid; it's just the reality of things. So it's all about asking the right questions, speaking the right language. Okay, so collapsed core. Any questions on any of this architecture? Please chime in, I'm keeping an eye on the chat, so don't hesitate to ask these questions and we'll do our best to address them here. The collapsed core concept, it's interesting. Let me draw another network here, because the collapsed core concept isn't always black and white. There could be a situation where you're collapsing a core for one location but you're not collapsing the core for another location. Like, that sounds kind of odd; what do we mean by that? So what if... let me think through this example. So let's say that we've got a... well, it's honestly just sort of looking at the... yeah, let's do this. Okay, so first of all, let's say I have this distribution layer and I have this access layer, and I'm doing everything like I'm supposed to, but then I've got these two big chassis switches and my boss comes to me and is like, hey, we're gonna put 50 users over here. You're like, cool, I'll get some access switches ordered. And he's like, didn't we just put a bunch of ports in those distribution switches? Let's just connect them in there. And again, you're gonna be like, well, that's not where they go, that's the distribution layer. And he's gonna ask why, and maybe we can't articulate it. And so what ends up happening is this becomes a collapsed distribution and access layer, because even though we've got users connected in down here, we also have users now connecting
in to the distribution layer. I mean, in an ideal world, again, we love to live in the theoretical; we don't always get to live in the... I'm sorry, we want to live in the theoretical but we're stuck in the practical. And if I've got 200 free ports on my distribution switches and I need 50 ports, use them, and don't get bent out of shape about it either; it's okay. So we connect our users into the distribution layer because there are ports available; those distribution switches can handle all the policies that we've talked about, so we deploy those policies to those interfaces, and life is good, and life is fine, and such. If we lived in a theoretical world, then the only things connecting to distribution switches would be other access layer switches downstream and core switches upstream, and that would be the end of our distribution conversation. So this would be a way of collapsing distribution into the access layer, for example. So I wanted to cover that as an option, or as an example, as well. But now let's say that we're going to bring in... let me try that again, I'm trying to think through how exactly this would work. So if we have a core layer here, let's say we have a true core layer, and that core layer is connecting us to the Internet and it's also connecting us to the data center. But let's say that where the core is located is another location, another building with users, a bunch of users, but not that many users; let's say it's like 30 users. And so they're coming to you again and saying, hey, we're gonna put some users at the core site, we'd like them to connect into that core switch, and you're gonna blow a gasket. But in the end we're gonna end up attaching users to this directly, and now it's a collapsed core and access switch, so really a collapsed core, distribution and access switch all in one. Do we see how this is gray, how it's not black and white? It's not: do you have a collapsed core, do you not have a collapsed core? I mean, you
could have a collapsed core in some sense and you could have a dedicated core in another sense, because even though it's collapsed in this direction, that doesn't mean it's collapsed in the other direction. I mean, that seems maybe like a silly example, but a more realistic example is what we basically just showcased; let me just redraw that. Okay, there we go. So now we've got a dedicated core: dedicated core, check; dedicated distribution, check; dedicated access, check. But now, well, at least hang an access switch off of those core switches; if we said we had 50 users at that site, we've got our 50 users and they're all coming in to a single pair of access switches, so we've got two access switches up here. Does it make sense to deploy dedicated distribution switches for that infrastructure? No, of course not. Why would we? A distribution block is intended to bring many access layer switches together. How many is subjective, a conversation: if I've got six access layer switches, they could probably all connect into that core switch, but eventually it starts to get a little bit too much, and so we want to deploy a distribution block in there to aggregate all those connections. And so in this case we would just connect those access layer switches into the core, and now it's a collapsed core and distribution, but it's only collapsed this way, because down this way it's still a three-tier model. So again, it's gray, it's not always well-defined. Big Poppa: "can we please get an access switch at the second site, that's triggering my spidey senses." Yeah, exactly. All right, I do want to point one other thing out before we go to access layer design, which I believe we still have a little bit of time for. The one thing I want to point out is I'm doing a lot of this where I have my core block and my distribution block and my access block, and I've got them connected with a single line like
that. I probably should have explained this earlier. Usually what this is... I want to translate this into physical. So this is a logical, so to speak, drawing; what does this physically look like? Usually our core is going to consist of two physical switches, our distribution will consist of two physical switches, and our access layer again could be as many switches as we need; really, it's all about meeting the connectivity needs of our location. And so we're gonna physically connect all of these access switches to both distribution switches; that's truly this connection right here. We've got all of these connections, but from a building block perspective, from a block architecture perspective, it's just showing that the access layer connects into the distribution block. Well, what about this connection right here? What does the core to distribution link look like? That is typically a full mesh; we're usually going to run four different connections to each other, and that can be... well, first of all, it's going to be layer 3, assuredly; between distribution and core it needs to be layer 3. They could be individual connections, they could be port channels, but either way, for the most part we're just going to have a full mesh of connectivity, because we've only got four switches, so let's just do the full mesh thing. All right, so then let's do what I've been doing and bring a second distribution switch, or block, into the core. What does that look like? Well, basically the same thing; I'll switch colors here so it looks better. So now I've got my two distribution switches, they need to connect into these core switches, so now we're going to also do a full mesh. So you're going to get used to these bowties, because connecting a block to another block is going to involve this full mesh of connectivity. So we start to see the connectivity needs of the core block, because if I were to add, I don't know, another four blocks, well, every block requires at least four
connections, so four more blocks is going to be 16 more connections. Now that's split between two switches, but still, we can start to do the math on that. But even then that's not that bad. I mean, a standard switch, even a core switch, might have 24, 36, 48 ports; that's a lot, anyway, a lot of blocks. We basically split it in half, so a 48-port switch can support 24, but still times 2, so that divided in half and times 2 cancel each other out. If I have two 48-port switches in my core I could connect to 48 different... wait, did I do that right? 48 different blocks? No, divide by 2... no, we didn't have to divide that by 2... 24 different blocks. Anyways, 24 different blocks. So it gives us a lot of scaling. All right, Big Poppa: "when you're saying switches at the core layer, are they layer 3 switches?" Yes, thank you for asking, those are layer 3 switches. By the way, I just discovered the router emote, yeah, I get it, get those emotes going. "Cross connect for the pair too, right?" Yes, so I believe, Keith, what you're saying is you'd want to connect these two to one another. So absolutely, yes, on the distribution switches you'd want those to connect to each other, because that provides layer 2 resiliency. However, we'll cover this in a moment too when we talk about the access layer; usually that connection is going to be a layer 2 connection, not a layer 3 connection. So one of the questions is, should we connect our cores to each other? And generally speaking I do see cores connected to each other, but I will also say there's not a lot of reason for it, as long as... big caveat on that, and here it is: you don't need a connection to the other core as long as it's a symmetric environment. Okay, if core switch A has a connection to everything, and core switch B has a connection to everything, then for the most part you don't need that. But at the same time it can provide a scenario where, like, well, maybe core B's connection to site 100 went down and core A just received
something; well, you don't want to have to send that somewhere else. So, all that said, I'm just gonna back out of my original statement and say you should always connect your core switches together. So I think I got a little too theoretical on that. I will say this though, and part of the reason my brain went down that path, is that when it comes to data centers and leaf-spine architectures, you never connect the spines to each other. We're not going to cover that tonight, unfortunately, because we just don't have the time for it, but when it does come to data center leaf-spine architecture, never connect the spines. All right, but yes, thank you for pointing that out, that was missing in my drawings. So speaking of which, let's go ahead and dive into the access layer, and we'll start to see those connections where they belong as well. So when we have access layers, what we're typically talking about is we've got these access layer switches, and again we can have a lot of access layer switches; let's just draw four here for now. We've got access layer switches and then we've got a pair of distribution switches. Now these distribution switches are going to have connections to each access layer switch. So, to be clear, these are no longer network blocks; I've been dealing with a lot of network blocks tonight; these are actual switches at this point. I want to make sure that we stay clear on that. Okay, so this sounds good; we're gonna connect down to every access layer switch. We're gonna start off... by the way, I'm gonna check my notes here, make sure, yeah, okay. So we want to start off by talking about this layer 2 versus layer 3 concept, and we're gonna talk about physical stuff, so we'll get into this in a moment. For now, assume that we don't have to worry about connecting to other access layer switches hanging off of here; we'll cover that in a moment. Okay, so here's the question: are we going to extend layer 2 to the access switch, or are we going to extend layer
3? What I mean by that is, are we going to have IP addresses here and here and run a routing protocol back and forth, like EIGRP or OSPF, are we going to do full layer 3 between the access layer and the distribution layer, or should we do layer 2? So this would be the layer 3 version on the right. The layer 2 version would be, what? Well, we have spanning tree at play; we're gonna have to block a link, so we'll have spanning tree blocked ports in the network, and we're going to have VLAN extensions, so we're going to be able to have VLANs going between switches, because the VLAN itself can go up to the distribution and back down to the other side, which is important for VLANs. Okay, so yeah, we wouldn't want to do both of these at the same time; these are simply the two options. Okay, so layer 2 or layer 3, what are we gonna do? Well, there are pros and cons to both. Okay, the pro to layer 3, the biggest, best thing about layer 3, is we no longer need to worry about spanning tree. I tell you what, spanning tree is a big pain. The biggest trouble, so to speak, the most trouble I ever got in, and it wasn't even my fault, and it took a long time to explain that, was when I connected an access layer switch to a distribution layer switch and spanning tree failed and took down an entire building. Basically all the users lost internet connection, and it was for like a minute and a half; it went down, it came back up, nobody died, everything was fine, but there were a lot of questions about what the heck I was doing on the network. And I simply, I mean, I had to prepare everything and show, look, what happened was spanning tree BPDUs were dropped, a loop formed, and it was all just... I had to go do it again in the middle of the night, and I went in the middle of the night and I plugged it in, exactly what I did before, no configuration difference, I just plugged it in, and oh look, it worked, and life was good. So, oops. We all have fun stories like that in this career, right?
So I'm not a big fan of spanning tree, because I don't trust it anymore; it didn't do its job. So getting rid of spanning tree is important. I mean, number one, we get rid of blocked ports; we don't like blocked ports because that's bandwidth we could be using, and there are ways to sort of get around that by using different topologies and spanning tree, we're not going to go into the details of that, but still, not great. The potential for loops is real, because even though I don't have it drawn here, I'll put it back to yellow, we have a loop. So as we can see here, the loop is this way and this way and this way. So this is what happened to me: we formed this loop, and this loop didn't block like it was supposed to, and therefore we had a huge loop. So spanning tree is not ideal; it's a huge perk of layer 3. Big Poppa: "yikes, didn't clear the VLAN config on the new switch?" No, actually, truly what happened was the edge, the access layer switch, was running rapid spanning tree, and it was connected to one of the distribution switches, and they ran fiber to the other distribution switch and they wanted me to go connect it. And so I went out there and I connected it in. Well, and I knew this, I mean, rapid is backwards compatible with normal spanning tree; we were already literally running one switch connected to one of the core switches, rapid and normal, and they were communicating spanning tree just fine. Somehow, when I plugged it in, the rapid to traditional spanning tree didn't work on the other side. So it's one of those conundrums where I can either mess with the config and take it down to normal spanning tree to match what the other two switches are doing, or I can leave it as it is, since it's working, and plug it in. So it's kind of an awkward thing, but yeah, it was a weird one; I've never seen it since. But yeah, so I tell everybody, be careful; they're supposed to be backwards compatible, and they are, but I got to experience the joy
of it not to be clear I didn't get into trouble in the end my boss I think my boss got a little chewed out for it but he absorbed the punches for me he was a good guy and but you know it is always that be careful but you don't know how to be more careful kind of thing you know because I don't know by the time I left there it was it was it was getting to the point where they didn't want any work to be done during the day and that that's hard you know you're trying to have a work-life balance and yeah I could have done that in the middle of the night and I could have done everything in the middle of the night and so you were always you all know that balance in the IT world you're trying to figure out what you can do during the day and be careful enough that you're doing risky things after hours and so anyways that you know that one just didn't work out so yeah in the end I was pretty lucky either good it could have gone a lot more south for me probably just wrong place at the wrong time - all right we got here 15 minutes all right so we don't have I'm beating around the bush a little bit too much here let me just let me just cut to the chase all right so layer three pros for layer three no no loops that's the biggest Pro that's the biggest nicety of layer three the biggest con is price and complexity so what do I mean by that well if we want to deploy layer three to the edge these edge switches have to be layer three capable layer 3 switches usually cost more money than layer 2 switches and so if I want to put every network switch in my environment to be layer 3 that's gonna cost a lot of money now if I have feit literally if this is my Network for access layer switches whoop-dee-doo you don't make them layer 3 why not right but that does create a situation where you know if I have 40 of these switches it's gonna Jack the cost of my solution up a lot complexity I'll come back to that in a moment you'll what I'm gonna do is I'm gonna write complexity on the layer 2 
side so don't really matter it's just you have to worry about this you have to worry about AIG RP the other big con anagen call it con maybe I should call it the downside the other big big downside to this is VLAN isolation and this is what from a technical perspective gets a lot of people I think price is the biggest reason why people don't do it as much because it does get expensive but VLAN isolation is at least to me the big the biggest reason to not do it personally this concept right here being able to put a VLAN on to two different switches there's a lot of applications that require it you know maybe you've got RFID readers and they need to be able to talk to each other or you've got I don't know I mean printers some old printers to only work if they're on the same layer to domain and and and so you know are we willing to say absolutely for the rest of you know from here until we've refreshed the network again we will never need to span a VLAN between the two switches because as long as there's a layer 3 boundary between the two devices you cannot stretch a VLAN now a VLAN keep in mind is a one-to-one with a subnet so that means that I'm going to have something like 192.168 well maybe we'll use the 10 range right so like let's say 10.1 1x on this switch and this switch is going to be 10.2 2x and we don't need to worry about running out of IP addresses because we've got a very large range of them in the private space and for the most part we'll be fine but at the same time like do we really want to manage all those subnets and then this comes back to layer 3 complexity managing a lot of subnets manage you know managing larger routing tables and so there are some downsides to layer 3 but I tell you what it's a clean network no loops is is a good day it runs clean it runs efficiently it's it's a well-tuned network when it's all layer 3 that's I don't know that I can say that enough I mean it's it's a very nice network oh whoa okay we got some okay no number 
layer 3 at the access I see yeah if we have layer 3 at the access layer then we can't we can't do that alright so so that's the layer 3 side what about the layer 2 side well the layer 2 side largely you will reverse these for the most part the the downside let me find like this ok so linear 2 down here so so the pros of layer 2 primarily that VLAN whoops we can use let me just call it stretched VLANs so stretched VLANs is a huge benefit and price I mean it's cheaper but the downsides loops that's a huge downside and and now again I'm gonna write complexity here again even though I can't quite fit it sorry but the complexity is simply different its spanning tree complexity and there are some people who are going to be way more comfortable a spanning tree and later two configurations there gonna be some we're really more comfortable at the edge ERP because it's clean and it works so you gotta pick your poison no matter what there's going to be complexity there really what it's going to come down to is can you live again from here until Network refresh so like you're getting married right you know for forever you know sickness and health and all that you know you're going to stick with this and say that you will never need to stretch a VLAN between two switches and that's a scary commitment to make and then as long as you can afford it though if that's not a problem and you can afford layer three you should to play layer three but I've never been in a situation where I've full-on recommended layer three they're just always seems to be a hang-up with one of those two situations Keith thanks for chiming in with that I've never seen it in production layer through the access layer I have I I have definitely like interacted with people who have layer three to their access layer I don't know if I've ever personally worked on any of their networks so they definitely exist that is definitely a thing but not not not something that is usually where you're going to land okay 
here's the crazy thing and all this and I don't have enough time to go into a whole lot of detail on this however the crazy thing about all of the everything we've just talked about is it's all going to be moot in five years this this whole conversation is is already teetering on the brink of Absolution because we are looking at software-defined networking and cisco software to find access or SDA it gets rid of all of it basically says all right we're gonna take all the benefits of layer three and we're gonna take all the benefits of layer two and we're going to bring them together so you don't have to worry about spanning tree anymore you don't have to worry about loops yes you can stretch your subnets I mean it's crazy right I mean this is the software-defined world is you literally you take an underlay Network a physical network and you draw your own network on top of it you just be like you know what I want those two computers to be on the same subnet yeah they're you know there's layers to remember I mentioned this up here as long as you have a layer three don't you know boundary you can't cross that and get to the other side on the same VLAN well with with Cisco SDA and Sdn in general you absolutely can so get ready because SDA is going to you completely turn this conversation on its head the the downside to SDA is going to come back to that price point because unfortunately it's just more expensive to do things that way but it is how we're all going to do it one day big papa underlay is still underlay right I'm not exactly sure what you mean by that but oh you mean like does the underlie still behave in this way yes but the underlay is always layer three so we basically sacrifice spanning spanning tree doesn't exist in SDA it just doesn't it just layer three to every single access layer switch and we build these VX land tunnels and use a control plane protocol called Lisp to orchestrate all of this it's it's crazy and it's cool and it's fun and we don't have 
time to talk about it tonight but it well yeah the underlay is a hundred percent layer-3 so again we're throwing some terms out there that we're not taking time to explain but the underlay is going to be your physical networks all your switches and routers and such are part of the underlay the overlay is all of the tunnels that you're building to make all of this work and when I say you're building it usually it's the software that's built it's the whole point like I would call it Software Defined is because the software is controlling where all the tunnels were sending all of the traffic and so all we really need to do is to find policy which is amazing say I want those two computers to be on the same subnet boom the software makes it happen right there you go all right so yeah thanks Keith glad you're glad you're here okay so last thing we got about five minutes left this is another reason why layer three never really took off because if I let me just let me do this I don't really have time to go into the low of detail I wanted to but I'll I'll just kind of throw this out here real quick let's say we have our to distribution switches and they have a connection at layer two to each other so I didn't get to really explain that either but if you're doing layer two to the access layer this link has to be layer two if it's layer three to the access layer it would be layer three so it's going to always reflect your topology build so if we're going to connect down to an access layer let's say I have an access layer switch and I connect down to it that's great except now I need 60 connections in this closet well that's going to require our second switch so now I've got the second switch in the same closet and it's probably gonna have to hang off of that switch not not that big of a deal but maybe I say you know that that's great but now that switch is a single point of failure so I'm going to remove this link and I'm going to bring it in to that switch and make a loop 
all right that looks good but it's also a little wonky because now we have this this full-on loop and really the the bigger issue is let's say I scale this out to five switches now so what if I've got five switches this is where what if we were taking a little bit more time to go into this and now we have this big loop is that really the best way to do it yeah it's not great because now if I'm connected to this switch here I've got to make all of these hops to get to where I want to go spanning tree is at play here so we're gonna block some random link in the middle that's not always great and so then you might question well maybe we shouldn't do this maybe we should stick with this design but now again we're back to a single point of failure so fortunately one of the biggest invention of the you know I would say late 2000s not late 2000s early 2000s thank you Jeff I don't know I think myself early 2000s was the concept of this stackable switching and the concept of chassis switches chassis switches have been around a lot longer than that but the stackable switches came out in the early 2000s so the idea is simply that we expand our ports on the XO switch and it logically stays one single switch so yeah physically we might want to bring it in to another switch or another module or what have you but it's going to logically be three connections all right we've got one connection to connection three connection we don't need to worry any more about any of the wonkiness that we had of the the big loop what would call it maybe where architecture versus a triangle right so now we're back to triangle so that's good but now Cisco also has technology called VSS and so we could deploy a stack into the distribution layer that would work or yes dacquoise as the technology is on the back end or we could use virtual switching system or VSS to also effectively stack those together well at that point we have one logical switch whoops let me just grab a different color so at this 
point we have one logical switch here we have one logical switch here let me draw it better like this one logical switch and we have two logical connections well if you can cross your eyes and make them fuzzy you start to see that I've basically got two switches with two connections well I can port channel those so now this will be port channeled and I don't have a single loop because effectively my logical topology is single switch one one single logical switch one single logical connection to another single logical switch physically I've got a ton of result redundancy in this physically I've got a ton of efficiency in this but logically it's a single switch connected to a single switch over a single connection so this is the beauty of again these technologies stackable switching chassis switching and VSS those three technologies come together and they make access layer switching so much easier so if you're not already doing this today in your environment you'd absolutely want to explore this I will say most people today are deploying chassis zand stacks into their access closets VSS at the distribution layer is maybe a little bit less common so that might be where you'd say oh well today I've got that triangle you know I've got the stack in the access clause and I've got the to distribution switches and it's a big triangle but you know tomorrow I could actually collapse those distributions which is into each other make them of yes system and then I don't have spanning-tree anymore I mean span tree still running because it's layer to environment spanning tree will run BPD use back and forth but again same thing over here right I mean we're just running BPD use back and forth there's no spanning tree blocked ports there's no network loops so because of that a lot of the downsides of layer 2 have gone away which further make layer 3 just an expensive solution that doesn't gain me enough to justify it so that's one of the reasons why layer 2 has really remained the 
primary means of connecting or access layers in so yes VSS for the wind Nexus distribution 2 stacked catalyst access Entourage so Nexus your your your your sucking me into a data center conversation which I love data center conversations all right you baited me and I'm gonna get I'm gonna spend two minutes on virtual poor channeling Nexus in the Nexus world this is data center only well I shouldn't say that because Nexus gets deployed outside the data center so I'll say it's data center generally speaking but we get same concept where we have two different Nexus switches and the nexus switches cannot support VSS okay that's not an option what the what Nexus can support is virtual port channeling or VPC what VPC does is when we have an access switch down here maybe it is a catalyst I believe Entourage you said Nexus distribution to a stat catalyst access yeah absolutely components conte yeah hey wait there's more so what we can do to this access switch is we can extend connections down and of course we connect these nexus switches to each other this is called a V PC peer link there's a term for it it is layer two and it's going to allow us to basically do magic do something that we shouldn't be allowed to do we're going to port channel these two connections to each other these two nexus switches are disparate logical switches they are individually configured individually managed and yet they can extend a port channel a virtual port channel or VPC down to this axis layer switch so even in this environment we're able to extend loop free spanning tree free topologies down to other devices we can expire we can extend that to virtual hosts servers in our environment we can also do virtual port channels so virtual port channeling is something that we can send to a lot of different types of applications we just you know again the magic is all on the nexus side this access switch as far as this axis which is concerned there's only one switch upstream same with the host you 
know there's a single switch upstream because as far as that's concerned it's just going to run LACP or whatever ether Channel program or you know protocol I want to run probably LACP but still I'm just running LACP and I'm getting the information and those nexus switches are disguising themselves as a single switch in the sky and so it's there's a lot of trickery that happens here there are a lot of caveats for how things need to be configured and such for example never ever run a lis virtual port channel to a router or a layer 3 switch because you should never run a routing adjacency across a virtual port channel cisco has actually patched in that you can do that now but I would still never recommend that you do it that it can can cause some very bad things to happen so but you know that was the 2 minute version of virtual port channels so there we go next two switches are fun next two switches Entourage you now get along great next as switches are my favorite switches I put me on a nexus which all day long over a catalyst I just I love them to death they are they're so much fun once you get used to Nexus CLI you don't want to go back to iOS iOS is just not as good you get used to your non IR Arkell commands and doing show runs from interfaces and using pushes and pops and things like that it's just like oh my goodness next this is so much better and even at this point and X OS is 10 years old so it's getting dated how about hey everyone thank you very much it was a great conversation around network architecture really appreciate all the dialogue that was happening in the chat I love it when it's interactive and you know always feel free to come and bring your questions so we will be back at the same time on the same day next week next Tuesday there forgive me I put the wrong date on my channel and then that got advertised out to the rest of the world hey I tries thanks for the follow so some of if you've seen an agenda out there that says we're meeting on 
Wednesday next week that's wrong we're sticking with Tuesday same place and again we're gonna be talking about on-prem versus on wait on prem versus cloud deployments and that would be a data center level conversation as well but at the same time it is part of the Encore blueprint literally on the blueprint it says be able to differentiate between on-premise and cloud deployments and so if you are going for your routes which CCNP this is right up the alley if you're also into data center it'll be a conversation that you enjoy so thank you very much everybody I hope you have a great night we'll see you next week bye bye [Music] [Music] [Applause] [Music] [Music] [Applause] [Music] you
Info
Channel: KishSquared
Views: 2,136
Rating: 5 out of 5
Keywords: encor, ccnp, networking, network architecture, cisco
Id: CI5w2PqPJQs
Length: 93min 22sec (5602 seconds)
Published: Fri Mar 20 2020