
Lan Design

Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
There was a thread in here that I was reading about LAN design that reminded me about this little project I have to do.

So in a few weeks we are going to do some major work on our network. The CITO thought this would be a good day to implement our new switch design. We are moving our PCs off of our PoE 3560s because we are running out of space. We have some unmanaged switches that we will be moving the PCs to. That isn't that big of a deal. I was thinking about our network design and some things have me concerned. I have attached a graph of how I think our network should look. Right now we are using 3560s and a 3560g as our access switch and 3750s for our core. The "core" switches also have our ESX farm attached to it. I want to move our 3560g to our ESX farm so I can get that off of our "core". Everything else I want to keep the same however. I don't think this should be too difficult as there really isn't that much configured on our "core" device. Anyone ever done anything like this? Is it best to just leave these things alone? Is having that kind of traffic that big of a deal as far as performance is concerned?

Comments

  • networker050184 (Mod, Posts: 11,962)
    Have you analyzed your traffic patterns yet? That should be your first step before making any design changes. See what's talking to what and how much bandwidth it's using. Then from there you can pretty much set your network up around your traffic. It really shouldn't be the other way around.
    An expert is a man who has made all the mistakes which can be made.
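
One way to do the "what's talking to what" analysis suggested above, as an added example that is not part of the original thread: it rolls flow records up into a switch-to-switch byte matrix and lets you compare a proposed re-homing of the ESX hosts. The addresses, switch names, flow records and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed host-to-switch map; addresses and switch names are hypothetical.
ATTACHMENT = {
    "10.0.10.11": "access-3560-1",
    "10.0.10.12": "access-3560-1",
    "10.0.20.21": "access-3560-2",
    "10.0.50.5": "core-3750",  # ESX host plugged into the core stack
    "10.0.50.6": "core-3750",
}

# Constructed flow records: (source, destination, bytes).
FLOWS = [
    ("10.0.10.11", "10.0.50.5", 4_000_000),
    ("10.0.10.12", "10.0.50.6", 2_500_000),
    ("10.0.20.21", "10.0.50.5", 1_500_000),
    ("10.0.50.5", "10.0.50.6", 6_000_000),  # ESX to ESX
    ("10.0.10.11", "10.0.10.12", 200_000),
    ("10.0.10.11", "192.0.2.9", 300_000),   # peer missing from the map
]

def traffic_matrix(flows, attachment):
    """Sum bytes per (source switch, destination switch) pair."""
    matrix = defaultdict(int)
    for src, dst, nbytes in flows:
        key = (attachment.get(src, "unknown"), attachment.get(dst, "unknown"))
        matrix[key] += nbytes
    return dict(matrix)

def uplink_load(matrix):
    """Bytes crossing inter-switch links, counted at the two end switches
    only; transit hops through other switches are not modelled."""
    load = defaultdict(int)
    for (a, b), nbytes in matrix.items():
        if a != b:
            load[a] += nbytes
            load[b] += nbytes
    return dict(load)

def local_share(matrix):
    """Fraction of all bytes that never leave the switch they start on."""
    total = sum(matrix.values())
    local = sum(n for (a, b), n in matrix.items() if a == b)
    return local / total if total else 0.0

def rehome(attachment, hosts, new_switch):
    """Return a copy of the map with the given hosts moved to new_switch."""
    return {h: new_switch if h in hosts else s for h, s in attachment.items()}
```

Running `uplink_load` on the matrix before and after `rehome` shows which uplinks would start carrying the client-to-server bytes if the servers left the core stack.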
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    networker050184 wrote: »
    Have you analyzed your traffic patterns yet? That should be your first step before making any design changes. See what's talking to what and how much bandwidth it's using. Then from there you can pretty much set your network up around your traffic. It really shouldn't be the other way around.

    I've taken some pcaps. It's hard to parse through them since there are so many damn trunks and the phone vendor decided to pass everything everywhere. I might have to hold off to do till I move the PCs so I can actually make heads or tails of this thing.
  • networker050184 (Mod, Posts: 11,962)
    You don't need packet captures necessarily, just a good idea of what's going on in the network. What is that VMware stack talking to? Where is most of your traffic heading and how much is it on average? Once you know those things you can figure out how to build your switch blocks. I think you have a pretty decent idea of how it should work and you're on the right path though. Remember it's all about efficiency and not just trying to follow some "best practice" from a book. If having the servers tie into the core works best for your setup then go for it.
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    I know that almost all of our servers are virtualized so the 3750 is used heavily. The 3560g is all Gigports so that shouldn't be a problem. Wouldn't you want the fastest switch as your core and try to have nothing going through the core except what needs to? I am very much a noob at this....
  • networker050184 (Mod, Posts: 11,962)
    knwminus wrote: »
    I know that almost all of our servers are virtualized so the 3750 is used heavily. The 3560g is all Gigports so that shouldn't be a problem. Wouldn't you want the fastest switch as your core and try to have nothing going through the core except what needs to? I am very much a noob at this....

    Pretty much. You want a fast switch in the core that can handle all the traffic. It will provide the inter-switch block path. On your edge switches you are more concerned about the features they can provide like QoS, 802.1x etc. The 3560s and 3750s are basically the same switch though.

    One thing to keep in mind in a small environment though is that you don't always need dedicated layers of switches. You can have the 3750s serve as a collapsed core and hook the servers straight to it.
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    networker050184 wrote: »
    Pretty much. You want a fast switch in the core that can handle all the traffic. It will provide the inter-switch block path. On your edge switches you are more concerned about the features they can provide like QoS, 802.1x etc. The 3560s and 3750s are basically the same switch though.

    I guess I am going to have to find numbers to back me up, but I think that switching a 3560 for a 3750 isn't going to make a big difference in our network. QoS is a problem but that's another story. I want to roll out 802.1x but that is a project for further down the road.
  • networker050184 (Mod, Posts: 11,962)
    I'd come up with a road map of what you want to accomplish and then break it down into steps. That way you won't have to go back and change everything around to implement 802.1x or whatever other technology you want to integrate.
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    networker050184 wrote: »
    I'd come up with a road map of what you want to accomplish and then break it down into steps. That way you won't have to go back and change everything around to implement 802.1x or whatever other technology you want to integrate.

    That's probably a good idea. I was given to task: optimize the network and enhance security. I know the what and why but I need to find the how. 802.1x is something the CITO mentioned by name, so was QoS. Our phone vendor was supposed to come in and configure the QoS settings per their documentation but that again is another story. It is very nerve-racking because pretty much I'm the only person who has any kind of a clue about Cisco gear, but I guess it's sink or swim and I am not drowning. Guess I better order that switch guide...
  • xxdrexx (Member, Posts: 13)
    Our VMware cluster is directly attached to our core switch stack. We use 3750s in the core and (gulp) 3500xls as access switches. Our design is pretty much a collapsed core design.

    As others have pretty much said I don't think you gain much by having your VMware stuff segregated into one switch. Think about it from the perspective of the users... if they want to get to a server now they have to hop to another switch rather than simply go to the core. Also if you've got a stack of 3750s that means your EtherChannels and/or trunks to the VMware cluster can be redundant in case of a link or switch failure.

    One thing that's interesting is that you're moving users off of the 3560s because you're running out of space, and yet you want to run dot1x... I think the smart move might be to just get another 3560 to handle the increased user traffic, unless this is just a temporary fix. I guess you could try to get dot1x to work with a Netgear or Cisco small business something or other... but I'd rather keep the environment consistent, personally.

    The last time users drove us to expand, I made the case to put a new 3750 in as an access switch rather than throw money away on a POS non-managed non-standard non-Cisco switch.
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    xxdrexx wrote: »
    Our VMware cluster is directly attached to our core switch stack. We use 3750s in the core and (gulp) 3500xls as access switches. Our design is pretty much a collapsed core design.

    Interesting. Thanks for confirming at least 1 other person has it set up like this.
    xxdrexx wrote: »
    One thing that's interesting is that you're moving users off of the 3560s because you're running out of space, and yet you want to run dot1x... I think the smart move might be to just get another 3560 to handle the increased user traffic, unless this is just a temporary fix. I guess you could try to get dot1x to work with a Netgear or Cisco small business something or other... but I'd rather keep the environment consistent, personally.

    This is just until Jan 1 and we can get a few more 3560s. This won't be a long term thing at all. Come Jan 1 I want to request 3-4 3560s.