4500X as collapsed core design

We have 2 4500x switches with Ent Services licences.  The plan is to replace the current core routers with a L3 switched core using the 4500x with VSS.  The core will connect 3 building data closets, a local data center and 18 remote WAN sites.  Engineering the remote sites is where I need some advice.
The in place design has fiber from each remote site connected to a 1 gigabit interface on a Ciena L2 distribution switch.  The Ciena switch is connected to the core router via a gigabit Ethernet interface.  The interface on the router is divided into 18 sub interfaces, one for each branch.  Each sub interface has a service policy that shapes the traffic to varying bandwidths in increments of 10 Mbps up to 50 Mbps.
The proposed design involves connecting the Ciena switch to the 4500x VSS pair using 2 10 gigabit Ethernet interfaces.  The connections to the Ciena would be L2 and the 4500x would have SVIs for each branch connection.  The problem is that the 4500x does not allow traffic shaping on an SVI.  Also you cannot configure sub interfaces on a routed interface on the 4500x.
Since the Ciena will be connected to the core via 20Gbps would it be necessary to shape traffic to the core from the remote sites?  The only concern I have regarding not shaping traffic is that there is a potential to oversubscribe other segments of the network like the data center and the internet link.
Is there another way that we can shape traffic to remote sites?  I was thinking if we put a router between the 4500x and the Ciena this would work but I would have to get a pretty beefy router to support 20Gbps.
Thanks

I've installed several in use cases like the one you describe. Functionally they pretty much suffice.
If you're a small shop and don't otherwise use Nexus gear, there is the learning curve of NX-OS and the associated technologies like VPCs and FEXes. It's not super hard, but different from IOS with different design considerations.
There are some features on the Nexus (like unified ports) not available on a Catalyst switch and vice versa (e.g. VSS).

Similar Messages

  • Collapsed core network design

    I am a consultant, currently a CCNA studying for the CCNP, and I have been mandated to design the network infrastructure for the corporate head office of a mid sized company.
    My design is based on a collapsed core network, with 2 x 4900M Switches as the core/distribution and a bunch of 2960S switches for each floor of the building.
    While reading the CCNP book, I noticed I had a design 'flaw'...  Like the partial diagram below (this is not the actual design), I was planning on linking the two 4900M with a layer 2 etherchannel, and using 1 MST region with 2 instances to split the VLANs between the two core switches.
    The CCNP curriculum recommends using a Layer 3 link between the core switches. I'm not sure what the benefit of doing so would be or what the drawback of using Layer 2 is? Any input would be more than appreciated...
    Thanks,
    Marc

    I understand that it reduces the chances of loops, but spanning tree is still required/running no? I'm going to lab this today and come back with observations or questions if I have any
    Thanks for your time,
    Marc

  • Collapsed Core / Distribution VLAN Config

    Hi Guys,
    I was wondering if you could provide me with some insight.
    If I have 2 L3 devices in my collapsed core and distribution layer, how do I go about configuring VLANS?
    Currently I have 2 Core/Dist Switches both running L3 and 5 Access Switches
    I've configured STP and VTP across the campus and all is working well.
    Now, a sh run from core1 shows vlan information including ip address of interface for the vlan etc, but core2 doesn't, it's aware of the VLANs due to VTP but doesn't display any interface information.
    If Core1 was to fail, how does my network know how to route?
    Is this design recommended?

    The following is only my opinion:
    VTP mode transparent across all devices. Unless you are doing some sort of 802.1x authentication I don't see a need, just headaches.
    Make one of the collapsed core members the STP root via the spanning tree prior 0 command for all vlans. Set the other member as a backup with the spanning tree prior 4096 or some other small value for all vlans.
    Create a trunk between the collapsed core members trunking all vlans.
    Create a trunk from each access switch to each collapsed core member and trunk the appropriate vlans, or all.
    Create your layer 3 interfaces for the vlans on the collapsed core members and set up redundancy via HSRP or VRRP. 
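A check for the failure case raised in this thread (SVIs on core1 only, so no gateway if core1 fails), written as an added example that is not part of the original posts. The config excerpts, VLAN IDs and addresses are constructed, and the rule that the HSRP/VRRP active gateway should sit on the STP root is an assumption beyond what the answer states.

```python
import ipaddress
import re

# Constructed running-config excerpts; VLAN IDs and addresses are hypothetical.
CORE1 = """\
spanning-tree vlan 10,20,30 priority 0
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 110
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 standby 30 ip 10.0.30.1
"""
CORE2 = """\
spanning-tree vlan 10,20,30 priority 4096
interface Vlan10
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
interface Vlan30
 ip address 10.0.30.3 255.255.255.0
 standby 30 ip 10.0.30.1
 standby 30 priority 120
"""

def parse_svis(config):
    """Return {vlan: {"ip", "vip", "prio"}} for every 'interface VlanN' block."""
    svis, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface Vlan(\d+)\s*$", line):
            # HSRP/VRRP priority defaults to 100 when not configured.
            cur = svis.setdefault(int(m[1]), {"ip": None, "vip": None, "prio": 100})
        elif not line.startswith(" "):
            cur = None  # any other top-level line ends the interface block
        elif cur is not None:
            s = line.strip()
            if m := re.match(r"ip address (\S+) \S+$", s):
                cur["ip"] = m[1]
            elif m := re.match(r"(?:standby|vrrp) \d+ ip (\S+)$", s):
                cur["vip"] = m[1]
            elif m := re.match(r"(?:standby|vrrp) \d+ priority (\d+)$", s):
                cur["prio"] = int(m[1])
    return svis

def stp_priority(config, vlan):
    """Configured bridge priority for a VLAN; 32768 when none is set."""
    prio = 32768
    for m in re.finditer(r"^spanning-tree vlan (\S+) priority (\d+)", config, re.M):
        for part in m[1].split(","):
            lo, _, hi = part.partition("-")
            if int(lo) <= vlan <= int(hi or lo):
                prio = int(m[2])
    return prio

def audit(core1, core2):
    """List gateway-redundancy gaps between the two core configs."""
    a, b = parse_svis(core1), parse_svis(core2)
    findings = []
    for vlan in sorted(set(a) | set(b)):
        x, y = a.get(vlan), b.get(vlan)
        if x is None or y is None:
            owner = "core1" if x else "core2"
            findings.append(f"VLAN {vlan}: SVI only on {owner}, no gateway if it fails")
        elif not x["vip"] or x["vip"] != y["vip"]:
            findings.append(f"VLAN {vlan}: no shared HSRP/VRRP virtual IP")
        else:
            # Steady state with preempt: highest priority wins, ties go to highest IP.
            rank = lambda s: (s["prio"], int(ipaddress.ip_address(s["ip"] or "0.0.0.0")))
            active = "core1" if rank(x) >= rank(y) else "core2"
            root = "core1" if stp_priority(core1, vlan) <= stp_priority(core2, vlan) else "core2"
            if active != root:
                findings.append(f"VLAN {vlan}: gateway active on {active}, STP root is {root}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CORE1, CORE2)))
```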

  • Cor design pattern

    I use cor design pattern little different than what I see in google.
    here is my cor
         public static abstract class CORHandler {
              CORHandler nextHandler;

              // Handle the request here, or pass it to the next handler in the chain.
              public void process() {
                   if (canHandleRequest()) {
                        handleRequest();
                   } else {
                        if (nextHandler != null) nextHandler.process();
                   }
              }

              protected abstract boolean canHandleRequest();
              protected abstract void handleRequest();

              public void setNextHandler(CORHandler corHandler) {
                   nextHandler = corHandler;
              }
         }
    this serves most of my need and also I can override process method for change behaviour.
    this code helps me save lots of if/else conditions, I am not passing any object to the method here, reason is I use this always as inner class inside a method so I can access all final fields
    Advise me: is this right when applying the COR pattern?

    Making it a base class increases connectivity to no good purpose.
    It violates the concept of inheritance by making the objects COR classes which is not what they are.
    It violates the principle of COR in that the intent is to handle a responsibility not all responsibilities. This same problem obscures the pattern as well by eliminating the objects to be acted upon.

  • Nexus 6001 for small DC as a collapsed core/distribution instead of 4500X

    Hi,
    I am looking for a switch platform for a small DC that can provide high density 10G and good L3 performance. I was thinking of Nexus 6001 as L3 performance is better than 5548/5596 and it supports FabricPath. Then I have also looked at the 4500X but I think that it is more a campus switch than a DC switch. Moreover I would like to get rid of Spanning Tree ;-)
    My last concern is what is the difference in the buffer capacity (when talking 10G to 1G conversion) when comparing the Nexus 6001 to the CAT4500X?
    Thanks in advance,
    Regards,
    Laurent

    Hi,
    Any ideas?
    Regards,
    Laurent

  • Swing components core design

    Are the Swing components, all the J... components, designed using other Swing or AWT components?
    I mean, is a JButton actually a panel with an image or something like that?
    I would like to read about these things, does anyone know where to find some reading materials on the subject? It would be great.
    The tutorial of each component, as far as I remember, does not discuss the issue.
    thanks, Adam.

    i did look at the hierarchy of the components and it didn't tell me anything new
    It tells you a JButton is NOT a panel with an image on it!
    java.lang.Object
      java.awt.Component
          java.awt.Container
              javax.swing.JComponent
                  javax.swing.AbstractButton
                      javax.swing.JButton
    It also tells you a lot of the painting code is going to be in AbstractButton with customizations in JButton.

  • Help need for placement of firewalls at the core design

    Hello all,
    I am planning to implement edge and core firewalls in the datacenter. We have 2 core Nexus 7Ks which do layer 3 routing for core for our internal vlans. Our edge firewalls are connected directly to Nexus core. This should provide the north to south traffic protection. All our servers are running on VMware installed on UCS. UCS is connected through nexus 5ks. Some standalone devices/servers are connected through 2ks. Most of the stuff is on vmware. I want to implement core firewalls but am confused a little bit about where to place the firewalls in the network. Basic idea is to have separation between the 3 tiers application, web and database for compliance and security purposes. Basically while researching on the net I got 2 options to go,
    1. Have 2 firewalls in active/standby connected to nexus5k at transparent mode and trunk all the vlan traffic which needs to be inspected. These will be different from the edge firewalls. This will be for east to west traffic.
    2. Implement VSG and ASA1000v since both are complementary to each other and should have nexus 1000v to implement it.
    Please help me to decide which way to go in terms of scaling the network.

    forgot to add the screen shots here they are
    File Receiver Channel
    In Second ICO : I have configured the sender FileChannel as below
    This file sender channel will pick the file based on the trigger file concept. If abc.trg then pick the main payload with extension abc.xml.

  • Best practice for intervlan routing?

    are there some best practices for intervlan routing ?
    I've been reading a lot and I have seen these scenarios
    router on a stick
    intervlan at core layer
    intervlan at distribution layer.
    or is intervlan needed at all if the switches will do the routing?
    I've done all of the above but I just want to know what's current.

    The simple answer is it depends because there is no one right solution for everyone. 
    So there are no specific best practices. For example in a small setup where you may only need a couple of vlans you could use a L2 switch connected to a router or firewall using subinterfaces to route between the vlans.
    But that is not a scalable solution. The commonest approach in any network where there are multiple vlans is to use L3 switches to do this. This could be a pair of switches interconnected and using HSRP/GLBP/VRRP for the vlans or it could be stacked switches/VSS etc. You would then dual connect your access layer switches to them.
    In terms of core/distro/access layer in general if you have separate switches performing each function you would have the inter vlan routing done on the distribution switches for all the vlans on the access layer switches. The core switches would be used to route between the distribution switches and other devices eg. WAN routers, firewalls, maybe other distribution switch pairs.
    Again, generally speaking, you may well not need vlans on the core switches at all ie. you can simply use routed links between the core switches and everything else. 
    The above is quite a common setup but there are variations eg. -
    1) a collapsed core design where the core and distribution switches are the same pair. For a single building with maybe a WAN connection plus internet this is quite a common design because having a completely separate core is usually quite hard to justify in terms of cost etc.
    2) a routed access layer. Here the access layer switches are L3 and the vlans are routed at the access layer. In this instance you may not even need vlans on the distribution switches although again to save cost often servers are deployed onto those switches so you may.
    So a lot of it comes down to the size of the network and the budget involved as to which solution you go with.
    All of the above is really concerned with non DC environments.
    In the DC the traditional core/distro or aggregation/access layer was also used and still is widely deployed but in relatively recent times new designs and technologies are changing the environment which could have a big impact on vlans.
    It's mainly to do with network virtualisation, where the vlans are defined and where they are not only routed but where the network services such as firewalling, load balancing etc. are performed.
    It's quite a big subject so I didn't want to confuse the general answer by going into it but feel free to ask if you want more details.
    Jon

  • Transitioning from a 4507 to a 7009 - Recommendations and New Issue

    Any input you can provide is greatly appreciated! I am new to this position/employer and want to do the best job possible on this high visibility project. 
    I am responsible for transitioning our network devices from a 4507 to a 7009, while cleaning up, documenting, and designing our infrastructure.
    These devices are trunked together using 2 ports as an etherchannel.
    The 4507 has all our access devices (collapsed core design) attached to it, as well as the WLC, VG's, Cube, and our edge devices.
    The 7009 has all our servers and SAN connections.
    Luckily we have enough spare fiber connections and hardware that I can install newly updated and configured access devices and transition the access connections in an orderly manner while re-cabling/cleaning up the data closets.
    This is a lot of fun!
    Problem:
    I finally came across an issue after moving approximately 60 connections consisting of PC's, printers, copiers, and Cisco IP Phones.
    All of the PC's, phones, and printers were on separate VLAN's and I just recreated the VLAN and an SVI on the 7009 to facilitate connectivity.
    All of the phones, PC's and printers are working well.
    I noticed that whoever set up the copiers did not associate them with a unique VLAN, like all our other devices, and they are connected via VLAN1 to the 4507.
    All the copiers are in the same subnet, 13 devices in total.
    On the 4507 there is a Static route for this subnet, directly connected via VLAN1.
    I connected a copier to the 7009 and attempted to configure a static route similar to what was done on the 4507.
    I received the following error: "*Next-hop cannot be local address in same or different vrf"
    None of the info I found regarding this error helped illuminate (in my head) a path to fixing the problem. So I decided to go with what I know that works.
    Possible Fix:
    My plan is to create a new VLAN and SVI's on both devices that are associated with the current subnet in place. Then I will have to create the VLAN on each access device and assign it to the copiers access ports. This work can only be done after hours and/or on a weekend and my gut tells me there may be a better way.
    Does anyone have a suggestion for fixing this specific issue with the copiers?
    Does anyone have any suggestions in general regarding this entire transitioning project?
    Thanks for your time and take care.
    Rich 

      Not sure why you would even need a static route. A printer is no different than any other device, just put it in the required vlan defined with the current addressing scheme if you are keeping it as is currently. If you don't want to use vlan 1 choose a different one such as vlan 100 say and create the SVI using the current address scheme on vlan 1.

  • MSTP on Access Layer Switches

    Hello everyone,
    When configuring MST for STP, is there a need to configure it on access layer switches in a collapsed core design?  I can find docs to configure the root and secondary root bridges but I don't see anything about configuring access layer switches.  In RSTP, you configure it on all switches cooperating in STP and set the root and secondary bridges accordingly.  Any help is appreciated.
    Regards,
    Terence

    Hi,
    You should configure your access switches for MST as well so you are using the same STP for core and access.  The only difference between the core and access is that the core is root and back up root for STP and the access layer is just default (32768).
    HTH

  • Configuring Root Bridge Primary and Secondary on a Switch Stack

    Hi, Consider a small LAN using a collapsed core design with two Catalyst 3650 switches in a stack as the core/distribution layer. There are several 2960X switches with cross-stack EtherChannels to the 3650's. After enabling Rapid-PVST, best practice would be to configure the root bridge. The question is, would it be sufficient to configure the stack to be the Root Primary and not configure a secondary, based on a failure of the stack master switch would elect the slave to become the stack master and effectively become the root bridge?
    Thanks
    Tony

    BTW, don't know if issue also applies to 3650 stacks, but on 3750 stacks, if stack master fails, I believe your port channels will reset because, by default, stack's MAC changes.  However (again at least for 3750s), the stack can be configured to retain the original master MAC.

  • Data Center Design: Nexus 7K with VDC-core/VDC-agg model

    Dear all,
    I'm doing with a collapsed VDC-core/VDC-agg model on the same chassis with 2  Redundant Cisco Nexus 7010 and a pair of Cisco 6509 used as a Service  Chassis without VSS. Each VDC Core have redundant link to 2 PE based on  Cisco 7606.
    After reading many design documents of Cisco, I'm asking what is the need of a Core Layer in a Data Center especially if it is small or medium size with only 1 aggregation layer and dedicated for a Virtualized Multi-Tenanted environment? What is driving to have a core layer?
    Thanx

    If your data center is small enough to not require a core, then it's fine to run with a collapsed core (distribution + core as the same device).  For a redundant design you need to uplink all your distribution switches to each of your cores.  If you have no cores, then you need full mesh at your distribution layer (for full redundancy).
    Let's say you have only 4 distribution pairs...so 8 switches.  For full redundancy each one needs uplink to each other.  This means you need 28 total ports used to connect all the switches together (n(n-1)/2).  That's also assuming 1 link to each device.  However if you had redundant cores, the number of links used for uplinks reduces to 21 total links (this includes links between each distribution switch in a site, and link between the two cores).  So here you see you're only saving 7 links.  Here you're not gaining much by adding a core.
    However if you have 12 distribution pairs...so 24 switches.  Full redundancy means you have 276 links dedicated for this.  If you add a core, this drops to 61 links.  Here you see the payoff.

  • Identification of Core and Distribution Layer Design

    Hi 
    I am a CCNA certified and I am doing a job as an IT technician here in UAE. I'm the only IT person in my company. Having no prior experience in networking field, I find myself in a pickle. With the help of CDP, I have figured out the network diagram. I am told that there is a COLLAPSED CORE network running in my company. I cannot identify the Core switches here. My question is how to identify the core switches? We have two internet connections in two separate buildings. Can somebody please help me out. Please..

    Generally speaking with a L2 access layer to L3 distribution switches the default gateways of the vlans are on the distribution switches.
    The core switches are used when you need to interconnect multiple distribution switches eg. a campus LAN type environment.
    In many sites if you only have one building the core and distribution switches are the same pair of switches but to be precise the default gateways are not on the core but the distribution switches.
    If you have a separate pair of core switches you usually connect your distribution switches using L3 links so again the STP root for the vlans would actually be the distribution switches for the vlans they route for and not the core switches.
    Separate core switches are basically just a high speed interconnect between your distribution pairs and should be left to do that so the routing between vlans, acls etc. are done locally on the distribution switches and only traffic for remote vlans/IP subnets ie. those on other distribution switches would go via the core switches.
    If the same pair of switches is used for both functions then all routing between vlans and routing to remote networks is done by that pair.
    Jon

  • LAN / Office Design

    Hi All,
    Not exactly sure on the best place to put this but hopefully a few of you have some advice/experience to share on my query.
    Basically going to be doing a rip / replace as moving to a new office. Will be reusing a few of the 3850 switches we have, but buying more also.
    Office is one floor with around 350 users in total. There is the one comms room where all the networking kit will be located and some servers/UCS
    Should I be following the Cisco hierarchical model of Access / Distro / Core or look at a collapsed backbone? With this being a blank canvas would like to make it as scalable and future proof as possible. 
    The initial thought was to have a stack of 3850s running IPBASE as the Access Layer, and further smaller stack of 3850s with IPSERVICES running as a collapsed Core / Backbone. I've plenty experience in administering networks that are already in place, but just started on the Design side of my studies and would welcome any advice / expertise.
    If I went for the above, would I have the L3 switching on the Access Stack, and a default route the up to the Core/Distro for getting out to the WAN?
    Any pointers / thoughts welcome ;-)
    Thanks

    Hi there,
    The 3850 would be a good choice for your access layer. Since you are looking at a L2 access layer you may want to consider 2960's; less features, smaller number of stack members, but much cheaper.
    Given the comparatively small user base I wouldn't entertain the idea of a L3 edge, purely on the grounds of licensing costs. You would not see enough L2 traffic on your core switches to warrant moving the MAC addresses out to the edge.
    Plus with the money saved by going 2960/L2 edge, you could get a fancy 4500X core switch :)
    cheers,
    Seb.

  • Collapsed Data Center Tier - Best Practice

    Hey guys,
    I'm working with a company who's doing a Data Center build-out. This is not a huge build out and I don't believe I really need a 2 tier design (access, core/aggregation). I'm looking for a 1 tier design. I say this because they only really have one rack of hosts - and we are not connected to a WAN or campus network - we are a dev shop (albeit a pretty damn big dev shop) who hosts internet sites and web applications to the public. 
    My network design relies heavily on VRF's. I treat every web application published to the internet as its own "tenant" with one leaked route which is my management network so I have any management servers (continuous deployment, monitoring, etc...) sitting in this subnet that is leaked. Each VRF has their own route to a virtual firewall context of their own and out to the internet.
    Right now we are in a managed datacenter. I'm going to be building out their own switching environment utilizing the above design and moving away from the managed data center. That being said I need to pick the correct switches for this 1 tier design. I need a good amount of 10gbe port density (124 ports minimum). I was thinking about going with 4 5672UP or 4 C3064TQ-10GT - these will work as both my access and core (about 61 servers, one fiber uplink to my corporate network, and one fiber uplink to a firewall running multiple device contexts via multiple vlans) 
    That being said - With the use of VRFs, VLAN, and MP-BGP (used to leak my routes) what is the best redundancy topology for this design. If I was using catalyst 6500's I would do VSS and be done with it - but I don't believe vPC on the nexus switches traffic and is really more for a two tier model (vPC on two cores, aggregation/access switch connects up to both cores but it looks like one.) What I need to accomplish sounds to me that I'm going to be doing this the old-fashioned way, running a port channel between each switch, and hopefully using a non STP method to avoid loops.
    Am I left with any other options? 

    ISP comes into the collapsed core after a router. A specific firewall interface (firewall is in multi context mode) sits on the "outside" vlan specific to each VRF. 
