E-guide

LAN switches Buyer’s Guide – part 1 Your expert guide to LAN switches management tools

Page 1 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

The evolution of campus LAN switches in the enterprise

Andrew Froehlich, President

The campus LAN switch is a fundamental component of networking.

There is a lot to know about the roles these switches play in a

modern enterprise network.

There's no denying campus LAN switches have made significant strides over

the years in performance, integration and the sheer number of specifications

that can be configured. That being said, the actual design used in most campus

enterprise LANs has remained largely unchanged for the past decade or so.

Yet, because there are so many new features and new marketing jargon

propagated by LAN switch vendors, the once clear-cut dividing lines between

the three tiers of a campus LAN network -- access, distribution and core -- are

becoming blurry. In our first article in this series on campus LAN switches, we

will help you to differentiate what duties each tier of the classic three-tier LAN

design is responsible for and why.

Page 2 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

Campus LAN switch design: The three-tier

model

The primary goal of any campus LAN design is to provide end-to-end

connectivity using the fastest path possible. Secondary goals include things

such as application optimization, redundancy, security and ease of

management. But since our primary goal is speed, most designs revolve around

the idea that a device located on one side of the network can minimize the LAN

hop required to reach a device on the complete opposite side of the campus

LAN. This is where the three-tiered, hierarchical design comes into play, as

shown here:

From a high-level perspective, all end devices, such as PCs, laptops, servers

and wireless devices, connect to what is referred to as the access layer.

Access-layer switches then connect upstream to the next tier -- the distribution

layer. Finally, the distribution-layer switches connect to the top tier -- the core.

And, as you can see, this simple design allows for devices to be at a minimum

number of device hops away in order to communicate.

For the most part, network administrators understand the three-tiered hierarchy

from a data-transport perspective. But where things get difficult is in

differentiating an access, distribution and core switch from the other number of

network services they are so often asked to provide. In the next few sections,

Page 3 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

we will go into detail as to which layer of the three-tier design you are most likely

to deploy various types of network services.

Duties of the access layer

The role of the access layer is to connect end devices to the network for

communication. Typically, access switches operate at Layer 2 of the OSI model

and keep track of a table that maps MAC addresses to switch port interfaces. If

multiple virtual LANs (VLANs) exist on the switch, the uplinks from the access

switch to the distribution-switch tier are configured as trunks that transport

multiple VLANs across a single link using VLAN tags. Because the switches use

Layer 2 for transport, they are configured to support the Spanning Tree Protocol

(STP) to avoid network loops with nearby access switches, as well as with

switches in the distribution tier. In terms of network services, access switches

are commonly configured to either set quality-of-service (QoS) markings or to

trust the markings from end devices. The markings are then used to divide data

into different classes, where traffic policies are then enforced end to end

throughout the rest of the network. Access-control mechanisms such as 802.1x

authentication may also be configured on the device ports to help identify users

who are attempting to gain access to the network.

Page 4 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

Duties of the distribution layer

Seated between the access and core tiers, distribution switches are in charge of

the majority of network services on a campus network. The following duties are

often performed at this layer:

Termination of Layer 2 VLAN trunks coming from the access switches. Serve as the Layer 3 default gateway for access VLANs. Designation as the root bridge for STP. Configuration of most routing protocols and redundancy or high-

availability protocols. Creation and application of access lists to filter traffic. DHCP server services -- or serve as a DHCP relay. Centralized point for multicast configurations.

QoS policies are also set and enforced based on the classification they were

assigned to by the access switches.

Duties of the core layer

The sole purpose of the core layer is to move packets from the distribution tier,

across the core switches and back down to the next distribution block as fast as

possible. There should be no services -- other than basic QoS policy

enforcement -- or filtering at this tier. Remember, those duties are left to the

distribution layer. But because of the likelihood that a great deal of traffic will be

passed from one core switch to the next, this top tier in the hierarchical model is

where the largest amount of throughput is needed. Therefore, you likely see 10,

Page 5 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

40 and 100 Gbps connections and techniques, such as port-channeling, used

heavily on these switches. It used to be that core switches operated at Layer 2,

because Layer 3 switches could not push packets at wire speed. But this hurdle

has been overcome long ago -- and most modern core switches operate at

Layer 3 and use routing protocols for redundancy, as opposed to STP at Layer

2.

It's also important to note that on smaller networks, with less traffic passing

between core switches, a fully separate core switch tier is not always

necessary. Instead, many administrators of smaller enterprise networks choose

to implement what's known as a collapsed-core architecture. This is where the

core takes on the duties of both the core and distribution tiers. It's a cost-

savings measure that also eliminates yet another hop along the path.

Where aggregation, edge and data center

switches fit

Many companies find themselves confused when choosing the correct campus

LAN switch for their networks. Marketing buzzwords from switch vendors don't

make that process any easier. Consider the term aggregation. In one sense, all

switches are aggregation switches. Access switches aggregate end users.

Distribution switches aggregate access switches and core switches aggregate

distribution switches. But, for most switch vendors, the term aggregation switch

Page 6 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

is simply an updated term for distribution switches that aggregate multiple

access switches -- usually in a single building -- together using high-speed

Ethernet connections, such as 10 Gbps fiber.

Another common -- and confusing -- marketing term is the use of edge when

discussing switches. In most networking circles, a network edge resides in one

of two places. The first is the point between the privately owned network and the

internet. The second use for edge -- and the term we're interested in -- is in

describing switches that connect end-user devices to the rest of the network.

So, it's safe to say edge switch equals access switch.

Finally, many engineers wonder where data center switches fit into the campus

LAN three-tier design. Generally speaking, data center switch blocks should be

considered part of the access tier that connects end devices to the rest of the

network. However, because data center switches provide such a different set of

services, such as server virtualization, application-level intelligence and

connectivity into storage networks, the topic of data center switching should

largely be thought of as a separate conversation.

Page 7 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

Conclusion

At this point, we should now have a sound comprehension of the architecture of

three-tiered campus LAN switches. We should also understand what services

each switch layer commonly provides. In the next article in this series, we will

help you to determine your need for the various types of campus switches, and

if you should consider purchasing or upgrading one or more tiers.

Next article

Page 8 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

Do I need campus switches in my enterprise?

Andrew Froehlich, President

The role of campus switches depends on the demands of your

organization. What are the important considerations to help you

make the right choice on whether or not to deploy them?

Every campus network design will be unique. Differences, such as the number

of users, their locations and what types of applications they use, will all affect

how a network is designed -- as well as what types and numbers of campus

LAN switches the design should include. In this article, we will again look at

each of the three tiers of switches -- access, distribution and core -- and point

out some of the most common scenarios when particular types of campus

switches would be necessary or unnecessary.

Everyone needs access switches

Regardless of whether you are building out a massive, enterprise-grade LAN

environment, or just a small remote site, your end-user devices on a campus

network are going to connect to access-grade switches. If you are going to

deploy a network using access switches only, make sure you understand how

Layer 2 and Layer 3 connectivity will operate. Typically, for larger LANs with

Page 9 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

access and distribution switches, the distribution layer performs Layer 3

communication. In smaller environments with no distribution layer, you have a

couple of options to gain Layer 3 connectivity with the rest of your LAN. The first

option is to connect your Layer 2 access switch to a device, such as a router or

firewall. The router or firewall can then be configured as the default gateway for

the various virtual LANs you configure, as well as provide routing between each

and out to the external wide area network (WAN) or internet.

The other option is to use access switches that operate at both Layer 2 and

Layer 3. By doing so, you can create virtual switch interfaces at Layer 3 and

perform all switching and routing on a single device. And since the number of

users is relatively small at remote sites, campus switches can usually handle all

switching and routing for the relatively small amount of traffic the site will create

and consume.

Where distribution/aggregation campus

switches make sense

There are a few reasons to implement an access/distribution collapsed-core

network design. Chief among them is the number of end users the LAN

supports and the geographic proximity among users. If the number of users

exceeds several hundred, the amount of throughput will eventually exceed the

capabilities of the access switches alone. In order to counter this -- while, at the

Page 10 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

same time, keeping LAN costs under control -- a collapsed core strategy makes

sense. This method uses multiple or stacked access switches at the edge to

handle Layer 2 connectivity, while offloading Layer 3 routing, access control and

other network functions to the distribution layer.

From a physical proximity perspective, you should start considering distribution

switches when you begin to reach the limitations of LAN cable lengths. If you

have Category 5 and 6 unshielded twisted pair cabling from an access switch to

end devices, the 1000BASE-T specification stipulates the cabling length

between the end device and switch cannot exceed 100 meters. If that is

surpassed, expect to incur various errors and discards on the switch port. If your

users are dispersed across a building that requires the placement of two or

more access switch closets due to distance limitations, it makes sense that

these access switches are linked to a centralized distribution/aggregation

switch. Doing so ensures all users are within one network-device hop of each

other.

When core switches are truly needed

Much like the primary requirements for moving from an access-only network to

a collapsed-core, access and distribution design, the reason to move to the

traditional three-tier design revolves around physical proximity and number of

users. If your network spans multiple buildings that require all users to be the

same number of device hops away from each other for latency purposes, the

Page 11 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

easiest way to do this is to centralize interdistribution connectivity by pushing all

data up to a core layer. While you could build out full-mesh connectivity -- or

create a ring topology between buildings -- these options may not be feasible,

practical or sufficient for your LAN needs.

The other aspect to consider is the sheer throughput and latency requirements

your end users demand. The three-tier design optimizes connectivity from end

to end on the LAN and ensures uniform latency and quality of service across the

board. Internet and WAN links typically connect into the core from edge routers.

To ensure uniform access for all end users, it's best to have a core layer to

distribute external access to the rest of your LAN. The only other responsibility

of the core, then, is to route packets from one network segment to the other as

quickly as possible.

Other considerations for campus switches

There are two other topics that need to be mentioned when evaluating which

campus switch numbers and types to include in a design. The first is LAN

redundancy. If you are designing and managing a medium-sized to large

campus network, it's common practice to provide high availability (HA) at the

switch and uplink level. That means you use two or more core and two or more

distribution switches in each block -- and configure them so a failure of one

switch does not disrupt traffic flow. Along those same lines, uplink connections

between all switches on the LAN should include more than one physical

Page 12 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

connection. Then, using any number of redundancy configuration methods, the

loss of a single connection will have no effect on end users.

The second topic is when to consider using data center switches as opposed to

traditional access switches on your LAN. If you operate a large and highly

complex data center with virtualization at the compute and storage levels, data

center switches offer plenty of features to squeeze the most out of the hardware

and software. The primary thing to look at is what you think your east-west

traffic -- traffic within a data center -- pattern will look like on your campus

switches. If east-west throughput is going to be higher than what an access-

layer switch can handle, then you're probably going to be able to take

advantage of the processing power and added HA features of a data center

switch. However, if you've only got a handful of bare-metal or virtualized servers

to manage on your campus, you can probably get away with connecting them

using access-grade switches.

The next article in this series will deal with more specific criteria of the various

campus switches and why you might want to create a list of features you can

use when evaluating specific options for vendor campus switches.

Page 13 of 13

In this e-guide

The evolution of campus

LAN switches in the

enterprise

Do I need campus

switches in my

enterprise?

E-guide

About the author

Andrew has been involved in enterprise IT for over 15 years. His primary focus

has been in Cisco wired - wireless - voice network design, implementation and

support as well as network security. This includes project management tasks

dealing with network infrastructure upgrades and new build-outs. He's also been

heavily involved in data center architectures designed to provide fault-tolerant

enterprise applications and services to thousands of users.