Routed Access
BRKCRS-3036
Housekeeping
Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Some loops are fun ...
But not all ... sounds familiar...?
“Nothing seems to work”
Number of topology changes 2433341 last change occurred 00:00:02 ago
%PM-SP-4-LIMITS: Virtual port count for module 5 exceeded the recommended limit of 1800
%PM-SP-4-LIMITS: Virtual port count for switch exceeded the recommended limit of 13000
[Diagram: L2 Control Plane Failure; L3 Control Plane Failure]
Enterprise Campus Design:
Routed Access
Agenda
Introduction
Cisco Campus Architecture Review
Campus Routing Foundation and Best Practices
Building a Campus Network with no L2 Loops: a
Routed Access Design
Routed Access Design and VSS
Routed Access Design for IPv6
Impact of Routed Access Design for Advanced
Technologies
Summary
Next Generation Campus Design
21st Century Business Realities
[Diagram labels: Badge Readers; Unknown or Guest; Partners; Employees; Subcontractor; Consultant; Campus; Data Center]
Next Generation Campus Design
New Application Traffic Models
Application Traffic Requirements are evolving
Desktop based Unified Communications
Collaborative apps
Medianet Application Requirements
The Effect of Convergence Times on Media Flows
[...] on the network expose shortcomings of ‘good enough’ convergence
[Chart: vertical axis 0 to 500000, horizontal axis 1 to 291; callouts 0.8 sec and > 1 min]
Fast Convergence and Reliability
Are Essential...
Hierarchical Network Design
Without a Rock Solid Foundation the Rest Doesn’t Matter
Offers hierarchy—each layer has specific role
Modular topology—building blocks
Easy to grow, understand, and troubleshoot
Creates small fault domains—clear demarcations and isolation
Promotes load balancing and redundancy
Promotes deterministic traffic patterns
Incorporates balance of both Layer 2 and Layer 3 technology, leveraging the strength of both
[Diagram labels: Access; Distribution; Core; Distribution; Access; WAN; Building Block; Internet]
Multilayer Campus Network Design
Layer 2 Access with Layer 3 Distribution
Convergence is dependent on multiple factors
FHRP - 900msec to 9 seconds
Spanning Tree - 400msec to 50 seconds
FHRP Load Balancing
HSRP/VRRP – Per Subnet
GLBP – Per Host
[Diagram labels: L3, L2]
[Chart: convergence (seconds), 0 to 6, against HSRP Hello Timers of 250 msec and 3 secs]
Multilayer Campus Network Design
Layer 2 Loops and Spanning Tree
Campus Layer 2 topology has sometimes proven an operational or design challenge
Spanning tree protocol itself is not usually the problem, it’s the external events that trigger the loop or flooding
L2 has no native mechanism to dampen down a problem:
L2 fails open, as opposed to L3 which fails closed
[Diagram: Switch 1 and Switch 2, ports 3/1 and 3/2 on each; DST MAC 0000.0000.4444]
Best Practices—Campus Routing
Leverage Equal Cost Multiple Paths
Use routed pt2pt links and do not peer over client VLANs, SVIs.
L3 (~ 8 msec loss):
1. Link Down
2. Interface Down
3. Routing Update
21:38:37.042 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/1, changed state to down
21:38:37.050 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet3/1, changed state to down
21:38:37.050 UTC: IP-EIGRP(Default-IP-Routing-Table:100): Callback: route_adjust GigabitEthernet3/1
L2 (~ 150-200 msec loss):
1. Link Down
2. Interface Down
3. Autostate
4. SVI Down
5. Routing Update
21:32:47.813 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to down
21:32:47.821 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/1, changed state to down
21:32:48.069 UTC: %LINK-3-UPDOWN: Interface Vlan301, changed state to down
21:32:48.069 UTC: IP-EIGRP(Default-IP-Routing-Table:100): Callback: route, adjust Vlan301
CEF Load Balancing
Underutilized Redundant Layer 3 Paths
The default CEF hash ‘input’ is L3 source and destination IP addresses
• Imbalance/overload could occur
CEF polarization: in a multihop design, CEF could select the same left/left or right/right path
• Redundant paths are ignored/underutilized
Two solutions:
1. CEF Hash Tuning
2. CEF Universal ID
[Diagram: Access, Distribution, Core, Distribution, Access tiers, each using the Default L3 Hash; Redundant Paths Ignored; L 70% load, R 30% load]
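The polarization effect described on this slide, as an added example that is not part of the original deck: a toy two-tier ECMP simulation that hashes the same flows at the access and distribution hops, first with identical hash input everywhere and then with a per-router value mixed in. SHA-256 stands in for the platform hash, and the router names `access-1`, `dist-L`, `dist-R` and the flow addresses are constructed for illustration.

```python
"""Toy model of CEF polarization across two ECMP tiers (added example)."""
import hashlib
import ipaddress
from collections import Counter

PATHS = ("L", "R")  # two equal-cost uplinks per switch, as in the slide


def build_flows(n_src=32, n_dst=32):
    """Constructed sample flows: access hosts talking to server-side hosts."""
    srcs = [ipaddress.ip_address("10.1.20.0") + i for i in range(1, n_src + 1)]
    dsts = [ipaddress.ip_address("10.5.10.0") + i for i in range(1, n_dst + 1)]
    return [(s, d) for s in srcs for d in dsts]


def pick_path(src, dst, router_id=None):
    """Choose L or R from a hash of (src IP, dst IP[, router id]).

    Assumption: SHA-256 is a stand-in, not the real CEF algorithm. Only the
    choice of hash *inputs* matters for the polarization effect.
    """
    key = src.packed + dst.packed
    if router_id is not None:
        key += router_id.encode()
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(PATHS)
    return PATHS[bucket]


def path_usage(flows, unique_id):
    """Count flows per (access uplink, distribution uplink) pair."""
    usage = Counter({(a, d): 0 for a in PATHS for d in PATHS})
    for src, dst in flows:
        first = pick_path(src, dst, "access-1" if unique_id else None)
        # The flow arrives at whichever distribution switch it was hashed to.
        dist_name = f"dist-{first}"
        second = pick_path(src, dst, dist_name if unique_id else None)
        usage[(first, second)] += 1
    return usage


def idle_links(usage):
    """Distribution uplinks that carry no flows at all."""
    return sorted(path for path, count in usage.items() if count == 0)


if __name__ == "__main__":
    flows = build_flows()
    for label, unique in (("same hash input on every hop", False),
                          ("per-router ID in the hash", True)):
        usage = path_usage(flows, unique)
        print(label)
        for path in sorted(usage):
            print(f"  access->{path[0]}  dist->{path[1]}  {usage[path]:4d} flows")
        print(f"  idle distribution uplinks: {idle_links(usage)}")
```

With identical inputs every hop repeats the access switch's decision, so the left/right and right/left uplinks never carry traffic; adding a per-router value decorrelates the hops and all four uplinks are used.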
CEF Load Balancing
1. Avoid Polarization with CEF Hash Tuning
[Diagram labels: Model A, Model B]
[Chart: Time to Restore Voice (Sec.), 0 to 2.5, against Number of Routes in Area (800 to 12000), Sup720; series: Time for ECMP Recovery]
Routed Access Design
Layer 3 Distribution with Layer 3 Access: no L2 Loop
[Diagram labels: EIGRP/OSPF; Layer 3; Layer 2; GLBP Model; 802.1x; QoS Settings ...]
Routed Access Advantages
Simplified Network Recovery
Routed Access network recovery is dependent on L3 re-route
Time to restore downstream flows is based on a routing protocol re-route
  Time to detect link failure
  Time to determine new route
  Process the update for the SW RIB
  Update the HW FIB
Time to restore upstream traffic flows is based on ECMP re-route
  Time to detect link failure
  Process the removal of the lost routes from the SW RIB
  Update the HW FIB
[Diagram labels: Upstream Recovery: ECMP; Downstream Recovery: Routing Protocol]
Routed Access Advantages
Faster Convergence Times
RPVST+ convergence times dependent on FHRP tuning
Proper design and tuning can achieve sub-second times
EIGRP converges <200 msec
OSPF converges <200 msec with LSA and SPF tuning
[Chart: Both L2 and L3 Can Provide Sub-Second Convergence; Upstream and Downstream series, vertical axis 0 to 2, for RPVST+ FHRP, OSPF and EIGRP]
Routed Access Advantages
A Single Router per Subnet: Simplified Multicast
Layer 2 access has two multicast routers per access subnet, RPF checks and split roles between routers
Routed Access has a single multicast router which simplifies multicast topology and avoids RPF check altogether
[Diagram, Layer 2 access: IGMP Querier (Low IP address); Designated Router (High IP Address); Non-DR has to drop all non-RPF Traffic]
[Diagram, Routed Access: Designated Router & IGMP Querier]
Routed Access Advantages
Ease of Troubleshooting
Consistent troubleshooting: access, dist, core
IP SLA from the Access Layer
switch#sh ip cef 192.168.0.0
192.168.0.0/24
  nexthop 192.168.1.6 TenGigabitEthernet9/4
Failure differences
Routed topologies fail closed—i.e. neighbor loss
Layer 2 topologies fail open—i.e. broadcast and unknowns flooded
Routed Access Design Considerations
Design Constraints
Routed Access Design Considerations
Platform Requirements
Catalyst Requirements
Cisco Catalyst 3550 or above (including X, E and v2 models)
Catalyst 6500 Supervisor with an MSFC
Routed Access Design
Migrating from a L2 Access Model
[Diagram labels: DHCP, DNS, 10.5.10.20; 10.1.20.0/23, 10.1.30.0/23 ... 10.1.120.0/23; VLAN 20, VLAN 30 ... VLAN 120; User Groups; GLBP Model; EIGRP/OSPF; links shown first as L2 trunks carrying 20,30 ... 120, then as L3]
Layer 2 access model, distribution switch:
interface Vlan20
 ip address 10.1.20.3 255.255.255.0
 ip helper-address 10.5.10.20
 standby 1 ip 10.1.20.1
 standby 1 timers msec 200 msec 750
 standby 1 priority 150
 standby 1 preempt
 standby 1 preempt delay minimum 180
...
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20-120
 switchport mode trunk
 switchport nonegotiate
Routed access model, L3 link:
interface GigabitEthernet1/1
 description Distribution Downlink
 ip address 10.120.0.196 255.255.255.254
Routed access model, access layer SVI:
interface Vlan20
 ip address 10.1.20.3 255.255.255.128
 ip helper-address 10.5.10.20
SVI configuration at the access layer is simplified
Larger subnets used before can simply be split into smaller ones and assigned to new DHCP scopes
Enterprise Campus Design:
Routed Access
Agenda
Introduction
Cisco Campus Architecture Review
Campus Routing Foundation and Best Practices
Building a Campus Network with no L2 Loops: a Routed
Access Design
EIGRP Design to Route to the Access Layer
OSPF Design to Route to the Access Layer
Other Design Considerations
Routed Access Design and VSS
Routed Access Design for IPv6
Impact of Routed Access Design for Advanced
Technologies
Deploying a Stable and Fast
Converging EIGRP Campus Network
EIGRP Neighbors
Event Detection
EIGRP neighbor relationships are created when a link comes up and routing adjacency is established
When physical interface changes state, the routing
EIGRP Design Rules for HA Campus
Limit Query Range to Maximize Performance
EIGRP convergence is largely dependent on query response times
Minimize the number of queries to speed up convergence
[Diagram labels: Query; Reply]
Limiting the EIGRP Query Range
With Stub Routers
A stub router signals (through hellos) that it is a stub and not a transit path
[Diagram labels: Distribution; Reply; Stub]
EIGRP Route Filtering in the Campus
Control Route Advertisements
Bandwidth is not a constraining factor in the campus but it is still advisable to control number of routing updates advertised
[Diagram labels: Default & other Routes]
EIGRP Routed Access Campus Design
Summary
[Diagram labels: Default & other Routes]
Deploying a Stable and Fast
Converging OSPF Campus Network
OSPF Design Rules for HA Campus
Where Are the Areas?
Area size/border is bounded by the same concerns in the campus as the WAN
In campus the lower number of nodes and stability of local links could allow you to build larger areas; however, area design is also based on address summarization
Keep area 0 for core infrastructure; do not extend to the access routers
[Diagram labels: Area 100, Area 110, Area 120; Area 0; WAN, Data Center, Internet]
Hierarchical Campus Design
OSPF Areas with Router Types
Converting L2 switches to L3 within a contiguous area is reasonable to consider as long as new area size is reasonable
How big can the area be?
It depends
  Switch type(s)
  Number of links
  Stability of fiber plant
[Diagram labels: Area 10, Area 20, Area 30; Access: Internal; Distribution: ABR; ASBR; Core: Area 0; Area 200 Branches; Area 300]
When a Link Changes State
OSPF LSA Process
LSAs Propagate the Event
OSPF is a Link State protocol; it relies on all routers within an area having the same topology view of the network.
If a route is lost, OSPF sends out an LSA to inform its peers within the
[Diagram labels: LSA and SPF at Access, Distribution and Backbone; Area 0]
ABR Forwards the Following into an Area
  Summary LSAs (Type 3)
  ASBR Summary (Type 4)
  Specific Externals (Type 5)
Distribution Config
router ospf 100
 area 120 range 10.120.0.0 255.255.0.0 cost 10
 network 10.120.0.0 0.0.255.255 area 120
 network 10.122.0.0 0.0.255.255 area 0
Access Config:
router ospf 100
 network 10.120.0.0 0.0.255.255 area 120
[Diagram labels: Area 0; Area 120]
OSPF Stub Area
Consolidates Specific External Links—Default 0.0.0.0
Eliminates External Routes/LSA Present in Area (Type 5)
Stub Area ABR Forwards
  Summary LSAs
  Summary 0.0.0.0 Default
Distribution Config
router ospf 100
 area 120 stub
 area 120 range 10.120.0.0 255.255.0.0 cost 10
 network 10.120.0.0 0.0.255.255 area 120
 network 10.122.0.0 0.0.255.255 area 0
Access Config:
router ospf 100
 network 10.120.0.0 0.0.255.255 area 120
[Diagram labels: Backbone Area 0; Area 120]
OSPF Totally Stubby Area
Use This for Stable—Scalable Internetworks
A Totally Stubby Area ABR Forwards
  Summary Default
Distribution Config
router ospf 100
 area 120 stub no-summary
 area 120 range 10.120.0.0 255.255.0.0 cost 10
 network 10.120.0.0 0.0.255.255 area 120
 network 10.122.0.0 0.0.255.255 area 0
Access Config:
router ospf 100
 network 10.120.0.0 0.0.255.255 area 120
[Diagram labels: Backbone Area 0; Area 120]
Summarization Distribution to Core
Reduce SPF and LSA Load in Area 0
Minimize the Number of LSAs and the Need for Any SPF Recalculations at the Core
ABRs Forward Summary 10.120.0.0/16
Distribution Config
router ospf 100
 area 120 stub no-summary
 area 120 range 10.120.0.0 255.255.0.0 cost 10
 network 10.120.0.0 0.0.255.255 area 120
 network 10.122.0.0 0.0.255.255 area 0
Access Config:
router ospf 100
 network 10.120.0.0 0.0.255.255 area 120
[Diagram labels: Backbone Area 0; Area Border Router; Area 120]
OSPF Design Considerations
What Area Should the Distribution Link Be In?
Subsecond Hellos
Neighbor Loss Detection—Physical Link Up
Access Config:
interface GigabitEthernet1/1
 dampening
 ip ospf dead-interval minimal hello-multiplier 4
 ip ospf network point-to-point
router ospf 100
 timers throttle spf 10 100 5000
 timers throttle lsa all 10 100 5000
 timers lsa arrival 80
[Diagram labels: A, B]
OSPF Timer Tuning
High-Speed Campus Convergence
OSPF Requires Sub-Second Throttling
of LSA Timers to Speed Convergence
OSPF has an SPF throttling timer designed to dampen route recalculation
[Chart: SPF Calculations against Time [ms]; values shown: 6, 5.68]
Routing Protocol Churn Can Be
Reduced with IP Event Dampening
Redundant Supervisors with L3
Non-Stop-Forwarding with Stateful Switchover (NSF/SSO)
[Diagram: Active Supervisor and Standby Supervisor, each with an RP CPU and hardware FIB and Adjacency tables; Configuration Synchronization between the RP CPUs; Hardware Tables Synchronization between the hardware; Routing Protocol process on the Control Path; Forwarding Path in hardware]
Using Redundant Supervisors at the
Access Layer with SSO
Router#sh ip protocol
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 100 100"
<snip>
EIGRP NSF-aware route hold timer is 240s
EIGRP NSF enabled
Router#sh ip ospf
Routing Process "ospf 100" with ID 10.120.250.4
Start time: 00:01:37.484, Time elapsed: 3w2d
Supports Link-local Signaling (LLS)
<snip>
Non-Stop Forwarding enabled, last NSF restart 3w2d ago (took 31 secs)
[Slide callouts: NSF-Aware; NSF-Capable]
Recommendation Is to Not Tune IGP Hello Timers. Use Default Hello and Dead Timers for EIGRP/OSPF When Peering to a Device Configured for NSF/SSO
Using Redundant Supervisors at the
Access Layer, Now with NSF/SSO
Design with Redundant for NSF/SSO
Status of Uplinks of the Supervisor
Cisco Catalyst 4500: supervisor uplink ports are active and forward traffic as long as the supervisor is fully inserted
• Catalyst 4500 Supervisor II+, Supervisor IV: 2 x GigE ports are active
Cisco Catalyst 6500: both the active
[Diagram labels: ports 1/1, 1/2 and 2/1, 2/2; ports 1/1 to 1/6]
Design Consideration with StackWise at
the Access Layer
Recommended Design:
Configure priority for master and its backup for deterministic failures
Avoid using master as uplink to reduce uplink related losses
Use “stack-mac persistent timer 0” to avoid the gratuitous ARP changes for
  Best convergence
  Where GARP processing is disabled in the network, e.g. Security
  Where network devices/host do not support GARP, e.g. Phones
Upstream traffic is not interrupted by master failure
Downstream traffic is interrupted due to routing protocol restart and adjacency reset
Run 12.2(37)SE or higher for NSF support
[Diagram labels: Access; Master; S1, S2, S3; Single logical Switch]
Routed Access Does Not Require
Switch Management Vlan
In the L2 design it was considered a best
[Diagram labels: SNMP Server]
interface Loopback0
 description Dedicated Switch Management
 ip address 10.120.254.1 255.255.255.255
Virtual Switch
Catalyst 6500 Virtual Switching System (VSS)
Virtual Switching System consists of two Catalyst 6500’s defined as members of the same virtual switch domain running a VSL (Virtual Switch Link) between them
Single Control Plane with Dual Active Forwarding Planes
Extends NSF/SSO infrastructure to Two Switches
[Diagram labels: Virtual Switch Domain; Virtual Switch Link (VSL)]
Virtual Switch System
Multi-Chassis Etherchannel
Virtual Switch System
Impact to the Campus Topology
BRKCRS-3035 – Advance Enterprise Campus Design: Virtual Switching System (VSS)
Leveraging EtherChannel
Time to Recovery
1 Link failure detection
2 Removal of the Portchannel entry in the software
3 Update of the hardware Portchannel indices
4 Notify the spanning tree and/or routing protocol processes of path cost change
[Diagram labels: Catalyst Switch; Link Failure Detection (1); Routing Protocol Process (4)]
VSS and Routed Access Design
Link Down Convergence Without VSS
VSS and Routed Access Design
Link Down Convergence with VSS MEC
Downstream IGP reroute
Upstream CEF ECMP
Access layer switch has one neighbour
Distribution switch has neighbour count reduced by half
[Chart: horizontal axis Number of Routes - Sup720C, 1000 to 12000]
VSS and Routed Access Design
Enable MEC Links in L3 Core—Best Multicast
Campus IPv6 Deployment
Three Major Options
[Diagram labels: IPv6/IPv4 Dual Stack Hosts; Dual Stack; v6-Enabled Core Layer; v6-Enabled Aggregation Layer (DC); Access Layer (DC); Dual-stack Server]
Campus IPv6 Deployment
Three Major Options
1. Dual-stack—The ideal way to go for obvious reasons: performance, security, QoS, Multicast and management
2. Hybrid—Dual-stack where possible, tunnels for the rest, but all leveraging the existing design/gear
Service Block—A new network block used for interim connectivity for
[Diagram labels: IPv6/IPv4 Dual Stack Hosts; Access Layer; ISATAP; Distribution Layer, NOT v6-Enabled; v6-Enabled Core Layer; Dual Stack; v6-Enabled Aggregation Layer (DC); Access Layer (DC); Dual-stack Server]
Campus IPv6 Deployment
Three Major Options
1. Dual-stack—The ideal way to go for obvious reasons: performance, security, QoS, Multicast and management
3. IPv6 Service Block—A new network block used for interim connectivity for IPv6 overlay network
Work the same with Routed Access
[Diagram labels: VLAN 2, VLAN 3; IPv4-only Campus Block; ISATAP; Access Layer; Internet; Agg Layer; IOS FW; Access Layer; WAN/ISP Block; Data Center Block]
Routed Access Layer and IPv6
Support for Dual Stack Deployment
Routed Access Layer and IPv6
Dual Stack Deployment Sample
For Your Reference
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 dhcp relay destination 2001:DB8:CAFE:10::2
ipv6 ospf 1 area 2
ipv6 cef
!
[...]
ipv6 router ospf 1
 router-id 10.120.2.1
 log-adjacency-changes
 auto-cost reference-bandwidth 10000
 area 2 stub no-summary
 passive-interface Vlan2
 timers spf 1 5
[Diagram labels: Dual Stack; v6-Enabled Core Layer; v6-Enabled Aggregation Layer (DC); Access Layer (DC); Dual-stack Server]
Routed Access Layer and IPv6
Dual Stack Deployment Sample
For Your Reference
ipv6 ospf hello-interval 1
ipv6 ospf dead-interval 3
ipv6 cef
!
interface GigabitEthernet1/0/26
 description To 6k-dist-2
 ipv6 address 2001:DB8:CAFE:1101::CAC1:3750/64
 no ipv6 redirects
 ipv6 nd suppress-ra
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 2
 ipv6 ospf hello-interval 1
 ipv6 ospf dead-interval 3
ipv6 cef
[Diagram labels: Dual Stack; v6-Enabled Core Layer; v6-Enabled Aggregation Layer (DC); Access Layer (DC); Dual-stack Server]
Analyzing the Impact on Advanced
Technologies
Network Virtualization
Functional Architecture
[Diagram labels: GRE; MPLS; VRFs; VPNs; Ethernet]
Virtualizing at the Access Layer
VLANs to VRF Mapping Configuration
Defining the VRFs:
ip vrf Red
 rd 1:1
!
ip vrf Green
 rd 2:2
!
Defining the VLANs (L2 and SVI) and Mapping Them to the VRFs:
vlan 21
 name Red_access_switch_1
!
vlan 22
 name Green_access_switch_1
!
interface Vlan21
 description Red on Access Switch 1
 ip vrf forwarding Red
 ip address 10.137.21.1 255.255.255.0
!
interface Vlan22
 description Green on Access Switch 1
 ip vrf forwarding Green
 ip address 10.137.22.1 255.255.255.0
Virtualizing at the Access Layer
Routing Protocol VRF Configuration
Network Virtualization and Routed Access
Path Isolation Issues—VRFs to the Edge (Cont.)
Routed Access Campus Design
End to End Routing: Fast Convergence and Maximum Reliability
Summary
Easier Troubleshooting
http://www.cisco.com/go/srnd
Meet the Engineer
BRKCSR-3036 Recommended Reading