In a huge campus network design, should the Core layer operate at L3 if the Distribution layer is operating at L3?

Or is the routing overhead less if the Core is operating at L2?
For example:
WAN routers and Dist L3 switches connect to Core switches (L2).
Access layer L2 switches connect to Dist.
So Access layer switches do DiffServ marking, Dist layer switches do queuing and inter-VLAN routing as well as routing, and the core only forwards traffic based on L2.
Is this a valid design? Should the core also have QoS?
Thanks!

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, you can have a L2 core, but as Rick has noted, modern designs lean toward L3 cores.
There are, even today, pros and cons to each, but the biggest factor would be that a modern L3 core would normally use L3 switches rather than traditional routers.  Generally you want the core to move packets as quickly as possible, and L2 switches were generally better at that than "traditional" routers.  L3 switches, though, have nearly L2 switch performance, so the performance difference isn't much of an issue any longer (especially with CEF L3 switches and/or MPLS).
BTW, not something you'll see in many current design documents, but modern L3 switches are so powerful and support so many ports, that you might have distribution and access just L2.
If you're doing QoS, yes I would recommend it also be enabled in the core too, L2 or L3.

Similar Messages

  • Small campus network design

    We have a new building about 300 meters from our main data center. 8 Catalyst 4500 series switches will be installed for the access layer. We are running a Nexus 7k in our data center, with a user VDC that we plan to connect these access layer switches to. I plan to use two of the eight switches as the distribution/access layer switches (I plan to run two to four fibers from the data center to these two switches and distribute the connection to the rest of the switches). Is what I am planning practical? Please advise me on the best approach/options to connect this small campus.

    If you have enough fiber (2x8=16 pairs) between the data center and the campus, you can directly run all the access switches to the 7k and no need for distribution switches.
    Also you said, you have one 7k. For redundancy you really need 2 7ks.
    As for VDC, if this is all for the same organization, there is no need to connect the access switches to a different VDC.  If you do connect them to a different VDC and the users need to talk to the data center, you would need to run a physical cable between the data center VDC and the Campus VDC, which defeats the purpose.
    HTH

  • Campus Network Question

    In a Campus Network design where you have Core switch, Distribution switch and Access switch layers and SVI's acting as your gateways for different VLANs.
    Since it is advised that Core Switches should be the root bridges, does that mean that the Core Switches should be the default gateways for your Vlans?
    I thought that it was the job of the distribution layer for being the default gateways.
    Anyone clarify?

    hi friend,
    It generally depends on your LAN design.
    If you follow Cisco's 3 tier architecture, you should restrict your VLAN boundaries on the distribution switch and should be running a L3 link between the core and the distribution. This means the SVI's are created on the distribution switch which will act as gateways for your VLANs.
    This helps in restricting the broadcasts from reaching the core.
    If your LAN is actually a collapsed core, you end up configuring the SVIs on the distribution switch which also acts as your core.
    HTH, rate if it does
    Narayan
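    The layout described in the first answer above (L3 core, QoS left enabled in the core) and in Narayan's reply (VLANs terminated at the distribution, routed links between distribution and core), as an added Cisco IOS configuration example; this is not from any of the posts. Hostnames, VLAN numbers, addresses and interface names are made up, and the QoS commands assume a Catalyst 3560/3750-style platform (`mls qos`); other platforms use different QoS syntax.

```ios
! --- DIST-A: distribution switch (hypothetical names and addresses) ---
! VLAN boundaries stop here: the SVIs are the default gateways and the
! uplink to the core is a routed port, so no VLAN, broadcast domain or
! spanning-tree instance from the access layer reaches the core.
hostname DIST-A
ip routing
mls qos
!
vlan 10
 name USERS
vlan 20
 name VOICE
!
interface Vlan10
 description Default gateway for VLAN 10 (users)
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 description Default gateway for VLAN 20 (voice)
 ip address 10.1.20.1 255.255.255.0
!
interface TenGigabitEthernet1/1
 description Routed uplink to CORE-1 (L3 point-to-point, not a trunk)
 no switchport
 ip address 10.255.0.2 255.255.255.252
 mls qos trust dscp
!
router ospf 1
 router-id 10.1.255.1
 passive-interface default
 no passive-interface TenGigabitEthernet1/1
 network 10.1.10.0 0.0.0.255 area 1
 network 10.1.20.0 0.0.0.255 area 1
 network 10.255.0.0 0.0.0.3 area 0
!
! --- CORE-1: routed interfaces only. QoS stays enabled: with "mls qos" on,
! an untrusted port rewrites DSCP to 0 on ingress, so the marks set at the
! access layer survive the core only if the core ports trust them. ---
hostname CORE-1
ip routing
mls qos
!
interface TenGigabitEthernet1/1
 description Routed link to DIST-A
 no switchport
 ip address 10.255.0.1 255.255.255.252
 mls qos trust dscp
!
router ospf 1
 router-id 10.255.255.1
 network 10.255.0.0 0.0.0.3 area 0
!
! Checks on either side of the core link:
!   show interfaces TenGigabitEthernet1/1 switchport   -> "Switchport: Disabled"
!   show mls qos interface TenGigabitEthernet1/1       -> "trust state: trust dscp"
```

    The verification commands at the end are the ones to run after deployment: a core-facing port that still reports switching enabled, or a trust state of "not trusted", means either a VLAN has crept into the core or the DSCP marking work done at the access layer is being discarded at the first core hop.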

  • Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
    Recommending a network topology is required for meeting a customer's corporate network design needs in their business and technical goals and often consists of many interrelated components. Hierarchical design makes this easier by "dividing and conquering" the job and developing the design in layers.
    Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
    A typical hierarchical topology is
    A core layer of high-end routers and switches that are optimized for availability and performance.
    A distribution layer of routers and switches that implement policies.
    An access layer that connects users via lower-end switches and wireless access points.
    Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
    Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
    Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Dear Leo,
    We are discussing the following without any product line, discussing the concept of hierarchical design, which will help you decide which model is better for you: the two-layer or the three-layer hierarchical model.
    Two-Layer Hierarchy
    In many networks, you need only two layers to fulfill all of the layer functions: core and aggregation.
    Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
    Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
    Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
    Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
    User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
    You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
    You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
    Three-Layer Hierarchy
    A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers.
    Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three-layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
    Aggregation—A three-layer hierarchy has two aggregation points:
    At the edge of the access layer going into the distribution layer
    At the edge of the distribution layer going into the core
    At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
    Routing policy—The routing policy is deployed within the distribution layer in a three-layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
    User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
    As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
    Now the confusion takes place in our minds where do we use Two Layer and where the Three layer hierarchical model.
    Now we are discussing that How Many Layers to Use in Network Design?
    Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
    Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
    Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing the number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
    Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
    Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
    Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
    I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
    Best regards,
    Ahmad Manzoor
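    The information hiding Ahmad describes at the aggregation/core edge (summarize the zone's reachability into as few advertisements as possible toward the core; give routers inside the zone little more than a default route) as an added Cisco IOS OSPF example. This is not from the post; router names, router IDs and prefixes are made up, and it assumes the zone is a single OSPF area whose edge device is the ABR.

```ios
! --- AGG-EDGE-1: aggregation-zone edge device (OSPF ABR), hypothetical ---
! Zone 1 is OSPF area 1. Toward the core (area 0) the whole zone is
! advertised as one summary prefix; "stub no-summary" (totally stubby)
! means the ABR injects only a default route into the zone, so routers
! inside it never learn the core's or other zones' prefixes.
router ospf 1
 router-id 10.1.255.1
 area 1 stub no-summary
 area 1 range 10.1.0.0 255.255.0.0
 network 10.1.0.0 0.0.255.255 area 1
 network 10.255.0.0 0.0.0.3 area 0
!
! --- ZONE1-R2: a router inside zone 1, hypothetical ---
! The stub flag must match the ABR's, or the adjacency never forms.
router ospf 1
 router-id 10.1.255.2
 area 1 stub
 network 10.1.0.0 0.0.255.255 area 1
!
! Expected results with the addresses above:
!   on a core router:  show ip route ospf  -> a single O IA 10.1.0.0/16 via AGG-EDGE-1,
!                                             none of the individual 10.1.x.0 subnets
!   on ZONE1-R2:       show ip route ospf  -> O*IA 0.0.0.0/0 via AGG-EDGE-1 and no
!                                             prefixes from area 0 or other zones
!   on AGG-EDGE-1:     show ip ospf        -> "It is an area border router"
```

    Two things to watch for in a real deployment: the `range` summary is only originated while at least one component subnet is up, and a totally stubby area cannot contain an ASBR, so any redistribution (for example a site-local Internet break-out) has to happen at the ABR or the area type has to change.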

  • Network Designs

    Hi all
    I wanted to know if someone can give me some advice. I've started my own consulting company and I have a client who wants a network redesign and a core network design. Both of these are for different sites and I wanted to know what questions I should ask the client, and whether there are some books that I can read up on about network design that will give me a good feel for how to proceed. I have a good idea already about the hardware that is needed at each layer, but the network I learned on was a large enterprise network and these are smaller networks, and I really want to do a good job for this user so that I can get repeat business. Thanks in advance and have a great day; I look forward to your replies.

    1) You should ask why the client wants a network redesign and what they are looking to achieve by doing this, i.e. no one does a network redesign just for the fun of it.
    2) Based on the answers to the first question you need to see the existing network design and then work out why it does not meet the client's needs.
    3) Probably as important as anything else is what budget is available for the redesign, i.e. consultancy for you and hardware budget.
    4) What in-house experience the client has. You can set up the loveliest shiny network, but if the customer cannot then support it, it is not particularly useful to them.
    5) Future plans for expansion for the client.
    6) The hardest part: applications, traffic patterns, bandwidth requirements of the network. Make sure you at least identify the apps that the client makes their money from and design accordingly.
    Don't decide on hardware before the design. The design dictates the hardware and not the other way around. If you already have an idea of the hardware you are going to use, you either have answers to all the above or you are getting ahead of yourself.
    A good place for design info are Cisco's design papers -
    www.cisco.com/go/srnd
    Jon

  • B2B network design example

    Hi Guys,
    Can anyone give me an idea of how a B2B network design should look? A URL link to a design example or a network diagram example will be appreciated.
    cheers

    This url might help....
    http://www.cisco.com/en/US/netsol/ns656/networking_solutions_design_guidances_list.html

  • Location Aplliance will not synch network design

    2710 Location appliance running 4.0.33.0, WCS running 4.2.130.
    2 Campus Network Designs each with multiple buildings and floors. One can be assigned to the location server and synchronization works perfectly. The second network design shows unassigned. If I assign it to the location appliance and then synchronize network designs it reverts to unassigned.
    Has anyone run into this issue and been able to resolve it?

    1) Connect to LOCAPP CLI
    2) Stop the LOC Service(/etc/init.d/locserverd stop)
    3) Take a backup of the Location DB, which can be found at /opt/locserver/db/linux/server-eng.db
    i.e. copy the server-eng.db to some other directory e.g. /home
    4) Delete the DB by issuing the command
    rm -f /opt/locserver/db/linux/server-eng.db
    5) Start the LOC service (/etc/init.d/locserverd start)
    6) Perform the sync. through WCS
    Hope this will help you...

  • I have a gray globe and its says choose network what should i do

    I have a globe showing and it says pick network what should i do

    Hold down option key as you startup the computer.
    When you see the available startup disks, select Macintosh HD.
    Reset PRAM.  http://support.apple.com/kb/PH4405
    Best.

  • Layer 3 to the Access Layer and MPLS Design Considerations

    Hi,
    We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers.
    We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.
    All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.
    We quickly dismissed the idea of using VRF-Lite due to the sheer number of VLANs we would need to manage and maintain; the point-to-point links alone, just to get one additional VRF on each floor, required far too many VLANs.
    As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
    My query is one of design surrounding MPLS and how this maps to an enterprise network with a routed access layer. Do Cat 4500s become the CEs and take part in MPLS / BGP and Label Distribution, or does the BGP peering and Label Distribution only occur between the Distribution - Core - Distribution layers, mapping to the PE - P - PE topology in an ISP environment, while the access layer simply uses the IGP (OSPF in this case) to learn routes?
    Any help would be greatly appreciated.
    Chris.

    Hi Andy,
    Thanks for your response.
    I have been doing a little bit more research and it seems the Cat 4500s do not support MPLS!! Nor do Cisco have any plans to support it on this platform. I find this a little ridiculous considering the level that Cisco are pitching this platform. With the Sup 7E only VRF Lite is supported, with plans to support EVN (which still uses trunk links for logical separation).
    So it looks like we are going to have to go back to the drawing board.
    (perhaps we should have gone HP or Juniper!)
    Chris.
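    What Chris's VLAN-count objection to VRF-lite looks like in configuration, as an added Cisco IOS example that is not from the thread. VRF names, VLAN numbers, addresses and interface names are made up, and it assumes the newer `vrf definition` / `vrf forwarding` syntax (IOS 15 / IOS-XE); older images use `ip vrf` and `ip vrf forwarding`. The example goes slightly beyond the post by also showing the per-VRF routing processes, which multiply in the same way.

```ios
! --- ACCESS-F3-1: routed access switch running VRF-lite (hypothetical) ---
! Two user segments (FINANCE, HR) each need their own VRF on this switch AND
! their own point-to-point VLAN/SVI on the uplink: a VRF-lite device has no
! labels to separate VRFs on one routed interface, so every VRF needs its own
! 802.1Q VLAN on every link. A third VRF means a third transit VLAN, a third
! SVI and a third routing process on every uplink of every access switch.
vrf definition FINANCE
 address-family ipv4
 exit-address-family
vrf definition HR
 address-family ipv4
 exit-address-family
!
vlan 50
 name FINANCE-USERS
vlan 60
 name HR-USERS
vlan 901
 name P2P-FINANCE-F3-1-TO-DIST
vlan 902
 name P2P-HR-F3-1-TO-DIST
!
! User-facing SVIs: the default gateway of each segment lives in its VRF.
interface Vlan50
 vrf forwarding FINANCE
 ip address 10.3.50.1 255.255.255.0
interface Vlan60
 vrf forwarding HR
 ip address 10.3.60.1 255.255.255.0
!
! Uplink: a trunk carrying only the per-VRF transit VLANs.
interface TenGigabitEthernet1/1
 description To DIST-A; one transit VLAN per VRF
 switchport mode trunk
 switchport trunk allowed vlan 901,902
 switchport nonegotiate
!
interface Vlan901
 vrf forwarding FINANCE
 ip address 10.250.1.2 255.255.255.252
interface Vlan902
 vrf forwarding HR
 ip address 10.250.1.6 255.255.255.252
!
! One IGP process per VRF (the same OSPF area numbers can be reused per VRF).
router ospf 11 vrf FINANCE
 network 10.3.50.0 0.0.0.255 area 3
 network 10.250.1.0 0.0.0.3 area 3
router ospf 12 vrf HR
 network 10.3.60.0 0.0.0.255 area 3
 network 10.250.1.4 0.0.0.3 area 3
!
! Separation check: each VRF table must contain only its own prefixes.
!   show ip route vrf FINANCE   -> must NOT list 10.3.60.0/24
!   show ip route vrf HR        -> must NOT list 10.3.50.0/24
```

    The arithmetic is what makes this unmanageable at the scale in the question: with V VRFs and L access-to-distribution links, VRF-lite needs V × L transit VLANs and SVIs plus V routing processes per switch, and adding one VRF touches every switch. Note that the `show ip route vrf` checks are also the segregation test: any prefix from one VRF appearing in the other's table means a leak (typically a misplaced `vrf forwarding` or a route-target import).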

  • Office network design ideas..

    Hey all, we are upgrading to a Cisco network and wanted some input on our possible network design...
    Currently we have:
    A Juniper SSG 140 and IDP for our firewall and IDS
    3com (layer2/3) switches for our desktops
    2 Dell PowerConnect 5424 switches for our servers and firewalls
    2 Dell PowerConnect 5424 switches (separate network) for our SAN/VM hosts
    This is what we are thinking of for our next solution
    ASA 5512 for our firewall (I read we could possibly get a 25% performance speed improvement for user VPN connections?)
    2 WS-C3750x-48t-e (I think this does Layer 2/3) for our desktops
    2 WS-C3750x-48t-e for our firewalls/servers
    2 WS-C3750x-24P-L for our SAN/VM hosts
    The problem is different network services providers who are going to implement this for us are giving us different solutions
    Some desktop 3560X for desktops and 4948 for servers and others are telling me 3750x for desktops and Nexus 3048 switches for SAN
    Some are telling me we can keep SAN+VM+core traffic on the same switches and just separate them with VLANs while others are telling me we should get separate switches for them
    Basically, we just want an improvement with better PERFORMANCE and REDUNDANCY (esp. with our core + SAN/VM traffic) without going overboard and spending a ton of money.
    More thoughts:
    We need Layer 2/3 switches for core + SAN
    Do we need 10G ports?
    Let me know your thoughts...

    Hi There,
    The hardware selection actually depends on the network/site topology, number of users, traffic load and other factors.
    This is for the IP network; for SAN, do you mean iSCSI, FCoE or pure FC SAN? These are different things and may change the HW selection.
    In general, 3560s are good for access switches and 3750s provide the same capabilities with improved performance and support for StackWise (3750 is a good option especially if you are planning to stack them).
    L3 is supported on both, but consider the license/image you buy with regard to the features you need.
    Nexus for data center switching is the best option as they are designed for data center switching; however you need to know port density, 1G or 10G, whether you need any FC SAN, DC load/capacity, whether any L3 function is required, and future growth, and then you can decide if Nexus 3K or 5K is good for you or not.
    N5K
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
    N3K
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/at_a_glance_c45-648255.pdf
    If you have a network topology with more details of what you need, post it here for more discussion.
    Hope this helps.
    If helpful, rate.

  • Need help on network design

    Hi guys.
    Looking for some advice on a network design.
    Please tell me what you think may or may not be wrong or missing.
    Here are the details:
    The user count is approximately 600 (desktops, laptops and Cisco IP phones) with two locations (office and data center) connected via 100Mbps guaranteed MAN line with site-to-site VPN as backup.
    Servers will all be in the Data Center.
    Edge routers to be used as site-to-site VPN connection point between office and data center.
    Edge router at data center also to be used to connect to 4 other remote sites.
    Edge networks (router and ASA) will be used to provide internet access to equipment at their respective locations. (No routing across MAN for internet access)
    Cisco 4510 to be used as user switches.
    Supervisor engines will be connected via 10G fiber to core switches.
    There will be 2x 10G connection for each supervisor module.
    Core switches are 4500x to be stacked via VSS using 10G Twinax cables.
    Core switch will also have 1G copper sfp to connect to MAN line hand-off.
    There will also be a physically (for the most part) segregated network using 3750x switches that connect back to the core. We will use 1G fiber connections.
    Here is the current kit list:
    Office Network Edge
    1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
    1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
    1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
    1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)
    Office Network Core
    2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
    2x 1GB Fiber SFP module per 4500X switch to connect to 3750x  (GLC-SX-MMD)
    2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
    8x 10GB Fiber SFP+ module to connect to 4510 Sup Engines (SFP-10G-SR))
    1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
    1x 1GB Copper SFP to connect to ASA firewal (GLC-T)
    Distribution
    4x Catalyst 4510R+E Switches (WS-C4510R+E) w/ IP Base License
    2x Supervisor 8-E per 4510 switch (WS-X45-SUP8-E)
    8x 48-port PoE module per 4510 switch (WS-X4748-UPOE+E)
    4x 10G Fiber SFP+ module per 4510 switch (SFP-10G-SR)
    1x 2GB SD Memory card per Supervisor Engine (SD-X45-2GB-E)
    Office Network Segregated
    4x 3750X 48-port PoE Switches (WS-C3750X-48P-L) LAN Base License
    1x 1G Fiber SFP module per 3750x switch (GLC-SX-MMD)
    1x Slot module per 3750x to connect 1GB SFP modules (C3KX-NM-1G)
    Data Center Edge
    1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
    1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
    1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
    1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)
    Data Center Core
    2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
    2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
    3x 10GB Fiber SFP+ modules per 4500X switch to connect to 3850 switches (SFP-10G-SR)
    1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
    1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
    1x 1GB Copper SFP to connect to segregated ASA (GLC-T)
    Data Center Distribution
    6x 3850 24-port PoE Switches (WS-C3850-24T-S) IP Base License
    1x Slot module per 3850 switch to connect 10GB SFP+ modules (C3850-NM-2-10G)
    1x 10G Fiber SFP+ module per 3850 switch (SFP-10G-SR)
    Data Center Segregated
    1x Cisco 2951 Router to connect to internet and vpn tunnel endpoint (CISCO2951/K9)
    1x ASA 5512-X (ASA5515-K9)
    Attached diagram is just a draft.

    A 39xx is underpowered if you want to support gig VPN tunnel.
    If your MAN is 100 Mbps (possibly "light" for 600 users), I would suggest running your port at 100 Mbps, not gig.  (This because LAN switches don't shape, and may not be able to "see" congestion or drops within the MAN.)
    Your user edge (the 4500s) will be L2 or L3.  If the latter, I would recommend not using a VSS core.
    I would recommend not using the same Internet connection for both general Internet access and VPN.

  • How to span vlans across core layer in core/distribution/access campus design?

    Hi,
    I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.
    Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
    Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
    In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
    So using the same vlan in different buildings seems not to be supported?
    Best Regards,
    Thorsten

    Thorsten
    Just to add to Joseph's post.
    It is quite common for a vlan to be spanned when it doesn't actually need to be ie. the network has evolved that way.
    Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.
    Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)
    As Joseph mentioned you really want to avoid it if at all possible ie. ideally all connections to the core switches are L3 ie. no need for vlans at all in the core.
    If you need to extend a few vlans then you can do this but still route for all other vlans ie. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and of they need to route to a vlan in another site they use that unique vlan.
    But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it although that does depend on your core switch selection eg. 4500/6500 VSS etc. would alleviate this.
    There are ways to extend vlans across a L3 network but the solutions available are very much dependent on the kit you use and their capabilities so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).
    What you do really depends on just how many vlans you actually need to extend between sites.
    Jon
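    Jon's "extended VLANs plus one routing VLAN unique to each distribution pair" arrangement as an added Cisco IOS example; it is not from the post. VLAN numbers, addresses, hostnames and interfaces are made up, and it assumes Catalyst platforms that require `switchport trunk encapsulation dot1q` (omit that line on platforms that only speak 802.1Q and reject it).

```ios
! --- DIST-A: distribution pair at site A (hypothetical) ---
! VLAN 100 genuinely has to exist at several sites, so it is trunked across
! the core. VLAN 3001 exists only between DIST-A and the core and carries the
! routed traffic for every other VLAN; DIST-B gets its own (3002), so the two
! sites never share a transit VLAN.
vlan 100
 name EXTENDED-ACROSS-CORE
vlan 3001
 name L3-TRANSIT-DIST-A
!
interface TenGigabitEthernet1/1
 description To CORE-1: only the extended VLAN plus this pair's transit VLAN
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,3001
 switchport nonegotiate
!
! Non-extended VLANs stay local: their SVIs are here and leave via Vlan3001.
interface Vlan10
 description Local user VLAN, routed at the distribution
 ip address 10.1.10.1 255.255.255.0
interface Vlan3001
 description Routed hop to the core
 ip address 10.254.1.2 255.255.255.252
!
router ospf 1
 passive-interface default
 no passive-interface Vlan3001
 network 10.1.0.0 0.0.255.255 area 1
 network 10.254.1.0 0.0.0.3 area 0
!
! --- CORE-1 (hypothetical) ---
! The core is root for the VLANs it now carries, and root guard on the
! distribution-facing ports stops a distribution switch from taking over.
vlan 100
vlan 3001
vlan 3002
spanning-tree vlan 100,3001,3002 root primary
!
interface TenGigabitEthernet1/1
 description To DIST-A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,3001
 spanning-tree guard root
interface TenGigabitEthernet1/2
 description To DIST-B
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,3002
 spanning-tree guard root
!
interface Vlan3001
 ip address 10.254.1.1 255.255.255.252
interface Vlan3002
 ip address 10.254.1.5 255.255.255.252
!
router ospf 1
 network 10.254.1.0 0.0.0.255 area 0
!
! Check: "show interfaces trunk" on each core port must list exactly VLAN 100
! and that site's transit VLAN; anything extra is a VLAN leaking into the core.
```

    The `allowed vlan` list is the control that keeps this from quietly turning back into a collapsed L2 backbone: every VLAN added to it is another spanning-tree domain stretched across the core, which is exactly what Jon warns about. The `show interfaces trunk` check is worth scripting into a periodic audit, since the usual way this design degrades is someone "temporarily" adding a VLAN to the trunk.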

  • Utility Substation Network Design

    We need help in designing our substation network and connecting it to our corporate LAN. The substation network consists of Ethernet radios connecting approximately 25 substations in a 30 mile radius. We have several different systems operating at each station such as SCADA and AMR. We need to segregate each of these networks and route them to different servers at headquarters. We would also like to have access to the corporate network for remote email and internet connections. At each substation the Ethernet radio will drop a TX connection to a hub, switch or router. We will connect the SCADA processor, AMR processor and maybe a computer to this device. Back at the office we bring the TX connection to either a layer 3 switch or router to direct the traffic as needed. Our LAN is already protected via firewalls and such from the outside world so I don't see a need for another firewall. My two major concerns are routing the traffic correctly and blocking users from plugging in a computer at a substation and accessing the LAN. Please give advice on what equipment is necessary to reach our goals and how to block any computer from plugging in at a station and having complete access (maybe we need to use a VPN or something).
    Thanks in advance!

    This is a tough one. Electric utilities are evaluating their security in and around routable protocols for control system networks to meet the requirements of NERC CIP. Your design should/must be based on the requirements that you fall under, based upon your NERC/FERC role.
    Segregation is key. I have a utility network that is compliant and can offer you some help. Can you offer some insight as to the need to remote email and internet from the substation applications?
    --Ron
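    One concrete form of the segregation Ron calls key, plus the "stop someone plugging a laptop into a substation port" requirement from the question, as an added Cisco IOS example that is not from the thread. Switch names, VLAN numbers, addresses, server addresses and port layout are all made up; the substation commands assume a Catalyst 2960-class access switch, and the radio link is assumed to carry 802.1Q tags unchanged back to the headquarters L3 switch.

```ios
! --- SUB-17-SW: access switch at one substation (hypothetical) ---
! One VLAN per system. Each device port learns exactly one MAC address and
! is shut down if a different one appears; unused ports are disabled and
! parked; the radio-facing uplink is a trunk restricted to the system VLANs.
vlan 10
 name SCADA
vlan 20
 name AMR
vlan 30
 name ENGINEERING-PC
vlan 999
 name PARKING
!
interface FastEthernet0/1
 description SCADA processor
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description AMR processor
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface range FastEthernet0/3 - 23
 description Unused: down and parked in an unused VLAN
 switchport mode access
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/24
 description Uplink to Ethernet radio
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
! --- HQ-L3: headquarters L3 switch (hypothetical) ---
! Each system VLAN terminates on its own SVI, and an inbound ACL lets that
! VLAN reach only its own server. The corporate LAN is unreachable from the
! SCADA and AMR VLANs even if a rogue host gets past port security.
ip access-list extended SCADA-TO-SERVER
 permit ip 10.10.0.0 0.0.0.255 host 10.0.0.10
 deny   ip any any log
ip access-list extended AMR-TO-SERVER
 permit ip 10.20.0.0 0.0.0.255 host 10.0.0.20
 deny   ip any any log
!
interface Vlan10
 description SCADA from all substations
 ip address 10.10.0.1 255.255.255.0
 ip access-group SCADA-TO-SERVER in
interface Vlan20
 description AMR from all substations
 ip address 10.20.0.1 255.255.255.0
 ip access-group AMR-TO-SERVER in
!
! Checks:
!   show port-security interface FastEthernet0/1   -> sticky MAC of the SCADA
!       processor; a non-zero "Security Violation Count" means something else
!       was plugged in and the port is err-disabled
!   show access-lists SCADA-TO-SERVER               -> hit counts on the deny line
!       reveal attempts to leave the SCADA VLAN
```

    Two caveats a practitioner would want. Sticky MAC port security only binds the port to an address, and a laptop can be given the SCADA processor's MAC in seconds, so it is a tripwire rather than a barrier; 802.1X with MAB for devices that cannot authenticate is the stronger control, and the ACLs at headquarters are what actually limit the damage. And the "email and internet from the substation" requirement should go in the ENGINEERING-PC VLAN only, with its own ACL, so that the control-system VLANs never have a path to the corporate LAN or the Internet at all; that separation is what NERC CIP reviewers will look for first.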

  • Company network design

    Hi guys,
    I am a student from Belgrade and currently I am working on a company network implementation, and I have a few problems.
    1. I have to make company regional center which looks like this:
    - Company has two buildings in one town:
     - First building has four departments (finance, development, IT, marketing) and server farm with five servers (one for each department and one shared server)
     - Second building also has that four departments and only one server (backup server)
    Requests:
    a. Each department should see its server without routing
    b. All other traffic should go through router
    How can i achieve this?
    I have sent you screenshot of my network with backbone and one city connected (BGD), with redundant routers on backbone and with its two locations.
    Also, i am not sure if i need separate router for each location.
    2. I need to add main office and branch offices to Houston router:
    -Main office should be connected to backbone and it should contain another router which is connected to branch offices via serial links.
    Requests:
    a. How should i design this?
    Thank you anyway,
    Regards,
    Dragan

    Hello,
    It is my university project, but actually, I am not that lazy, I would like to do it on my own, but I am not 100% sure how to do that.
    OK then, I will tell you my ideas and I hope you will tell me if it is right.
    1. As you can see in the attached picture I have built the backbone (4 routers named NewYork1, NewYork2 (I needed router redundancy for NewYork), Houston and LA) and the New York network, which should be one OSPF area.
    There are two company buildings in NY on separate locations. Both buildings have 4 departments - floors (finance, marketing, development and IT).
    First building structure:
    - On each floor I have one department and in the basement is the company data-center (with 4 servers, one for each department, and one shared server) and DMZ.
    Second building structure:
    - On each floor I have one department and in the basement is the backup server.
    Requests for NY:
    a. Each department should access its server without routing.
    My solution:
    - As you can see on the pic I attached, I put a router in each location (routers named NewYork-Location1 and NewYork-Location2), in order to divide the network into two LANs.
    - Every department, server room and DMZ has its own switch so I can add more devices.
    a. Each department should access its server without routing.
          - As far as I know this is possible only on location 1 if I configure VLANs (one VLAN for a department and its dedicated server). Traffic from location 2 departments to the dedicated routers must go through a router. Is there some other way to achieve this? Can a VLAN be made on remote sites?

  • MPLS network design challenge

    Hi,
    I have a design issue for which I would really like your help.
    In an MPLS network there are two POP gateway routers (G1, G2) peering with various MPLS VPN service providers via back-to-back VRF eBGP peerings in 4 different ASNs. They in turn all peer via VPNv4 eBGP with the core ASN, which comprises 2 VPNv4 RRs, and every site in the ASN has 2 P/PE routers per site. Every P/PE is peering via VPNv4 iBGP with the VPNv4 RRs. The RRs are not in the forwarding path of the traffic.
    Every site has 2 CE routers and each CE router does a VRF-based eBGP peering with the P/PEs.
    The P/PE routers import the 2 RTs exported by the 2 POP gateway routers and in turn select the best path and pass it to the CE routers.
    Now it is seen that the P/PEs of all sites are selecting the best path advertised by G1 instead of G2 based on the AS PATH length, since the shortest path is being advertised by G1. So until a situation arises where G1 is down, the P/PEs are forwarding the outbound traffic from the CE to G1, even when the IGP cost is adding up high and when there is a direct link failure from the P/PE site to the G1 site.
    It therefore makes sense that if the direct physical link from a P/PE site to the site where G1 is located goes down, the P/PEs should then choose G2 via another path even when G1 is available.
    Do these sorts of requirements ever come up in SP environments from customers? If so, what are the solutions?
    Thanks in advance
    Kas

    Hi kas,
    This type of requirement comes to providers, and there are a few options a provider can implement.
    1- Play with local preference along with an import map in the VRF if the requirement is customer specific. I mean if one customer wants G1 to be the primary exit point and another customer wants G2 as the primary exit, then you can use an import map (which is similar to a route-map):
    ip vrf ABCD
     rd XX
     import map ABCD
     route-target export XX
     route-target import YY
    !
    route-map ABCD permit 20
     set local-preference 200   ! any value above the default of 100 (sample value)
    2- Or you can play with the AS-path prepending option if you want to skip selection based on local preference.
    It is in the provider's interest to provide you a solution, as there are options for affecting traffic by using communities.
    Please provide a diagram and some config for a complete solution.
    Regards
    Mahesh
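
    A fuller worked version of Mahesh's option 1, added here as an illustration rather than taken from his post or from Kas's network: one customer VRF on a P/PE that raises local preference only for routes carrying a community set by G2, so that for this VRF G2 wins regardless of AS-path length while other VRFs keep the default behaviour. The RD, the RT values, the community value, the route-map names and the VRF name are all assumed placeholders; the G1/G2 RTs stand in for the two RTs the question says the gateways export.

```cisco
! Added example (not from the original post). All values are assumed placeholders.
!
! G2 is assumed to tag the prefixes it re-advertises with standard
! community 65000:2; this list lets the P/PE recognise them on import.
ip community-list standard FROM-G2 permit 65000:2
!
ip vrf ABCD
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
 route-target import 65000:1     ! RT exported by G1 (assumed value)
 route-target import 65000:2     ! RT exported by G2 (assumed value)
 import map ABCD-IMPORT          ! route-map applied to routes entering this VRF
!
! Sequence 10: routes carrying G2's community get local preference 200.
! Because local preference is compared before AS-path length in BGP best-path
! selection, this overrides the shorter AS path seen via G1 for this VRF only.
! Sequence 20: every other route that passed the RT import check is imported
! unchanged (an empty permit clause matches all).
route-map ABCD-IMPORT permit 10
 match community FROM-G2
 set local-preference 200
route-map ABCD-IMPORT permit 20
!
! Quick checks on the P/PE after applying the above:
!   show ip bgp vpnv4 vrf ABCD            (best path marked with ">", LocPrf column)
!   show ip bgp vpnv4 vrf ABCD <prefix>   (per-prefix attributes including community)
```

    Two caveats that follow from the attribute order rather than from anything in the thread: the community must actually be attached by G2 and carried through the VPNv4 eBGP and RR sessions (send-community on those neighbors), otherwise sequence 10 never matches and the VRF silently falls back to the G1 preference Kas describes; and a local-preference override makes G2 the fixed primary for that VRF, which is not the same as letting IGP cost decide. IGP cost to the next hop is only consulted once local preference, AS-path length, origin and MED are equal, so a design where a failed direct link is meant to tip the choice needs those attributes equalised between G1 and G2 first.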
