Is 2 multilayer switches too much?

knobshine

I'm doing an assignment at the moment where I have to design a branch office's network with 100 staff. Redundancy wasn't specified.

At first I decided to do it with 1 router at core layer, 2 multilayer switches at distribution layer (for redundancy), with a mesh between them and 3 switches at access layer.

But now I'm wondering if 2 multilayer switches (one of the Cisco 3560 series I'm thinking) is a bit overkill for a network this size. Is the redundancy worth it? I know in an ideal world it is but I'm trying to design it while keeping in mind what a small office can realistically afford.

Don't want you guys to do my assignment for me, just wanting some opinions of people working in the real world.

 

If redundancy wasn't specified, then it's too much, especially for such a small network.
 
If you have a router I also don't see the need for multilayer switches in the distribution layer on such a small network.
 
Depends on the router model and how many ports that router has.

Some have only 2 ports, some have 4, some have more. With very few ports on the router he might need it.

I think it is one thing to draw a diagram of a proposed network, it's a completely different story adding make/model where you bring the port density etc. into the equation. In the real world you will also need to take bandwidth requirements into consideration, for example a very old router might only be able to route/switch 20 Mbit/sec of traffic, where other newer models can do 2.5-10 Gbit/sec. This is regardless of what speed the ports on the router are.

PS. You can get a freeware diagram editor at http://projects.gnome.org/dia/
It has by default some Cisco and general network stencils, will make your picture look MUCH better for free :) (though I will admit it's no match for MS Visio)
 
Just working on the assumption that it's a small company and they probably don't have a fat pipe on the wan side.

Edit: There's simply not enough information here (usage, traffic, budget etc) to design a solution as one size does not fit all.
 
I suggest 2 Layer 3 switches for the Core (which will handle your inter-VLAN routing and provide redundancy). Skip the distribution layer and provide user access switches redundantly connected to the Layer 3 switches using STP. Small business or not, if the company is in a production environment, it will require redundancy.
 
Thanks for all the feedback guys, it's given me quite a bit to consider. I've got that Edraw Max but I'll give that Dia a go too, shot.

I just did that quick sketch to give an idea of what I was talking about. Also I didn't give all the specs as I didn't want people to think I wanted to get them to design it for me. Just want some insight from people working in the industry.

I spoke to my lecturer yesterday and he said we have a million rand budget now (it wasn't in the notes) so money isn't as much of an issue as I thought. I asked him his thoughts on dropping the 2nd multilayer and he said I should rather keep it in so it's easier to expand the network at a later stage (maybe he thought I was being lazy).

@Know_hope: I haven't had that much experience with MLSs, would I be able to create a VPN tunnel from one to an HQ router? Hadn't even thought of that, shows how programmed I am to the classroom/lab environment.

One thing I noticed I'm going to run up against if I use two MLSs is the gateways for the VLANs as I can only use the IPs on a sub-interface once. Would I be able to use EtherChannel to bond two ports, set up the sub-interfaces for the VLANs then plug one MLS into each port, or would that not work?
 
Companies these days should have a minimum of 2 server/network rooms.

Where is your wireless infrastructure? Copper is old school. Cisco 5500 WLC per server room in HA. 3500 series APs.

6500's for routers, core and dist switching. 3560 access full mesh. What about Nexus?

Where is your WAN, Access control?
Cisco ASA 5520 in each server room (active/active or active/standby), 1 WAN per server room possibly independent mediums (fibre, microwave). NO, businesses should not be using ADSL for primary connectivity.
Cisco ACS x 2.

What about FRU? Always include spares, field replaceable units are critical these days. On the access side keep at least 2 FRU. Everything else is already HA.

What about Cisco support? Smartnets?

What about HP switching?
 
What clients should do and what happens in real life are 2 completely different things. We have clients over 200 big that don't even use routers on the LAN side. Maybe a good core switch, that's it.
 
I was given some guidelines to follow: All Cisco equipment (it's a Cisco course), branch gets internet via a point-to-point VPN to HQ which connects to the ISP. Also there is an ADSL line for backup internet. I have two WAPs to cover the area.

Below, is my logical diagram I did a while ago. Keep in mind it's still a work in progress, just so I can have something down to plan around. I'm getting rid of one of the access switches, want to put HR and Guest on the same switch. Oh yeah, ignore the HR Vlan IP address mistake, haven't corrected it because this diagram is for personal use, not for hand in. Any other mistakes let me know though so I can check them out.


But yeah, as I said before I don't want to give you all my requirements because then it looks like I'm asking you guys to design it for me. Just maybe when I'm stuck on something or need some advice from real life experiences.

Thanks again for the help guys, I know it must feel like you're giving some free consultations here.
 
You could run your core redundant as well. While 6500s for example have in-chassis redundancy, it's good to have 2 still, at times strange things hit you and then having a 2nd core means no downtime.

I.e. we had a buggy IOS on SUP720 at one point, and while it runs fine for about a month or so, the bug would hit and everything would go south on that 6500. Having a 2nd where the bug hasn't hit you yet while you take the 1st down and upgrade the IOS means a whole 15 minutes downtime you don't have to have.
 
Where is your VoIP VLAN? You should include a Cisco VoIP solution. Think it's the UC500 will support 100 users but not sure on scalability.
Where is your storage VLAN for SANs and data? Will the switches you will be supplying support jumbo frames throughout the core network?
Where is your wifi VLAN?
Where is your Cisco NAC or Trustwave for a better product but it's a Cisco project...
 
thanks for all the pointers guys. Yeah I should add a VOIP solution, I'll check out that uc500.
 
Probably a bit late, but if I were to fulfil your requirement on a non-enterprise budget, I'd use the following to provide a robust yet flexible solution:

2 x 3750X switches stacked for the core - redundant aggregation of access switches & inter-vlan ip routing
X x 2960S switches for the access layer - 24 or 48 port switches as required by physical layout

Core stacking allows access switches to be dual uplinked to each core switch using portchanneling, thereby eliminating the need for STP to perform any packet steering decisions. STP is still required as a failsafe though, to detect if any two same vlan ports on differing access switches are inadvertently cross connected.

Now just configure using best practice DC design e.g. run rpvst+ with vtp transparent (manually configure all vlans only as required on each sw), and no auto vlan pruning (manually allow only vlans configured on downstream access switches on core trunk ports).

This design is efficient (traffic only traverses necessary trunks), redundant (can sustain core sw failure), high performance (load-balanced uplink trunks), simple to troubleshoot (no STP loops to deal with) & flexible (any port on any switch can be in any vlan).
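
Added example, not part of the post above and not the poster's code: a small audit for the manual trunk pruning rule in that post, comparing each core trunk's allowed-VLAN list with the VLANs actually created on the downstream access switch. The configs are constructed samples, and the "uplink to NAME" description convention used to pair trunks with switches is an assumption.

```python
import re

# Constructed sample configs (assumed, not from the thread): stacked core, two access switches.
CORE_CFG = """\
vtp mode transparent
spanning-tree mode rapid-pvst
interface Port-channel1
 description uplink to ACCESS1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
interface Port-channel2
 description uplink to ACCESS2
 switchport mode trunk
"""
ACCESS_VLANS = {"ACCESS1": "vlan 10\nvlan 20\n", "ACCESS2": "vlan 10\nvlan 40\n"}

def expand(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def defined_vlans(cfg):
    """VLAN IDs created locally on a switch ('vlan N' global lines)."""
    return {int(m) for m in re.findall(r"^vlan (\d+)\s*$", cfg, re.M)}

def audit(core_cfg, access_cfgs):
    """Return {port: finding} for core trunks whose allowed list is missing or wrong."""
    findings = {}
    for block in re.split(r"^(?=interface )", core_cfg, flags=re.M):
        head = re.match(r"interface (\S+)", block)
        if not head or "switchport mode trunk" not in block:
            continue
        # Hypothetical convention: the description names the downstream switch.
        peer = re.search(r"description uplink to (\S+)", block)
        needed = defined_vlans(access_cfgs.get(peer.group(1), "")) if peer else set()
        allowed = re.search(r"switchport trunk allowed vlan ([\d,\- ]+)", block)
        if not allowed:
            findings[head.group(1)] = "no allowed list: trunk carries every VLAN"
            continue
        have = expand(allowed.group(1))
        extra, missing = have - needed, needed - have
        if extra or missing:
            findings[head.group(1)] = f"extra={sorted(extra)} missing={sorted(missing)}"
    return findings

if __name__ == "__main__":
    for port, finding in audit(CORE_CFG, ACCESS_VLANS).items():
        print(port, finding)
```

A trunk with no allowed list, or with VLANs the access switch never uses, extends those broadcast domains to a switch that has no ports in them, which is the exposure the manual pruning in the post is meant to remove.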
 