Understanding LAN Hardware and Campus Design Factors
LAN Hardware
Repeaters – Repeaters are the basic units that connect separate segments of a network. A repeater takes each incoming frame, regenerates the preamble, amplifies the signal, and sends the frame out all other interfaces. Repeaters operate at the physical layer of the OSI model.
Hubs – Hubs were introduced to concentrate thinnet and 10BASE-T networks in the wiring closet. Traditional hubs operate at the physical layer of the OSI model and perform the same functions as basic repeaters; the difference is that hubs have more ports. Because a hub repeats every frame to every port, any station attached to it can capture all traffic on the segment. Hubs were eventually replaced by switches.
Bridges – Bridges connect separate segments of a network. They differ from repeaters in that bridges are intelligent devices that operate at the data link layer of the OSI model. Bridges separate collision domains (each attached segment is its own collision domain) but still forward broadcasts. Bridges learn the MAC-layer address of each node on each segment and the interface on which it is located, and they run Spanning Tree Protocol (STP) so that redundant bridged paths do not form loops.
Switches – Switches are the evolution of bridges. They use specialized integrated circuits (ASICs) to reduce the latency common to software-based bridges. Some switches can run in cut-through mode, where the switch does not wait for the entire frame to enter its buffer; instead, it begins to forward the frame as soon as it has read the destination MAC address. Because forwarding starts before the frame check sequence has been seen, a cut-through switch also forwards corrupted frames, whereas a store-and-forward switch drops them. Switches have characteristics similar to bridges; however, they have more ports and run faster.
Routers – Routers make forwarding decisions based on network layer addresses. When an Ethernet frame enters the router, the Layer 2 header is removed; the router forwards based on the Layer 3 IP address and adds a new Layer 2 header at the egress interface. In addition to separating collision domains, routers bound data link layer broadcast domains: each interface of a router is a separate broadcast domain.
Layer 3 switches – LAN switches that can run routing protocols are Layer 3 switches, also referred to as multilayer switches. They run routing protocols and communicate with neighboring routers, and their LAN interfaces perform network layer packet forwarding in hardware. The use of switching technology at the network layer greatly accelerates packet forwarding between connected LANs, including VLANs.
Campus design factors
Campus design factors include the following categories:
- Network application characteristics: Different application types
- Infrastructure device characteristics: Layer 2 and Layer 3 switching, hierarchy
- Environmental characteristics: Geography, wiring, distance, space, power, number of nodes
Network application characteristics (application types):
- Peer-to-peer: Instant messaging, file sharing, IP phone calls, and videoconferencing.
- Client-local servers: Servers are located in the same segment as the clients or close by, normally on the same LAN. Under the 80/20 workgroup rule, 80 percent of traffic stays local and 20 percent leaves the segment.
- Client/server farms: Mail, file, and database servers. Access is fast, reliable, and controlled.
- Client-enterprise edge servers: External servers such as Simple Mail Transfer Protocol (SMTP), web, public servers, and e-commerce.
Access layer
- Limit VLANs to a single closet when possible to provide the most deterministic and highly available topology.
- Use RPVST+ if STP is required; it provides the best convergence.
- Set trunks to ON and ON with no-negotiate (switchport mode trunk plus switchport nonegotiate on both ends) so that DTP is not relied on to bring up trunks.
- Manually prune unused VLANs from trunks to avoid broadcast propagation.
- Use VTP transparent mode, because there is little need for a common VLAN database in hierarchical networks; it also means a neighbor with a higher VTP revision number cannot overwrite the local VLAN database.
- Disable trunking on host ports, because it is not necessary. Doing so provides more security (a host cannot negotiate a trunk and reach other VLANs) and speeds up PortFast.
- Consider implementing routing in the access layer to provide fast convergence and Layer 3 load balancing.
- Use the Cisco STP Toolkit, which provides PortFast, Loop Guard, Root Guard, and BPDU Guard.
Distribution layer
- Use first-hop redundancy protocols. Hot Standby Router Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP) should be used if you implement Layer 2 links between the access and distribution layers.
- Use Layer 3 links between the distribution and core switches to allow for fast convergence and load balancing.
- Build Layer 3 triangles, not squares.
- Use the distribution switches to connect Layer 2 VLANs that span multiple access layer switches.
- Summarize routes from the distribution to the core of the network to reduce routing overhead.
- Use Virtual Switching System (VSS) as an option to eliminate the use of STP.
Core layer
- Reduce switch peering by using redundant triangle connections between switches.
- Use routing that provides a topology with no spanning-tree loops.
- Use Layer 3 switches in the core that provide intelligent services that Layer 2 switches do not support.
- Use two equal-cost paths to every destination network.
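The access and distribution recommendations above, written out as IOS configuration. This is an added example, not configuration from the ARCH guide or from Cisco; the hostnames (ACC-1, DIST-1), VLAN and interface numbers, addresses, the OSPF area layout and the HSRP key are all assumptions. STP Toolkit commands are left out of this fragment.

```cisco
! Added example: hostnames, VLANs, interfaces, addresses, OSPF areas and the
! HSRP key are assumptions.
!
! ---------------- access switch ACC-1 ----------------
hostname ACC-1
!
! Transparent mode: the switch keeps its own VLAN database and never accepts
! a database pushed by a neighbor, so a switch with a higher VTP revision
! number cannot wipe these VLANs.
vtp mode transparent
vlan 10
 name DATA-FLOOR1
vlan 20
 name VOICE-FLOOR1
!
! Rapid PVST+; the access switch gets the worst (highest) priority so it can
! never win the root election for its VLANs.
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20 priority 61440
!
! Uplinks: trunk forced ON with DTP off ("ON and ON with no-negotiate"), an
! otherwise unused native VLAN, and only this closet's VLANs allowed
! (manual pruning).
interface range GigabitEthernet1/0/49 - 50
 description uplinks to DIST-1 and DIST-2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
!
! Host ports: fixed access ports with DTP frames disabled, so a host cannot
! negotiate a trunk and hop VLANs, and PortFast can bring them up at once.
interface range GigabitEthernet1/0/1 - 48
 description user ports
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport nonegotiate
!
! ---------------- distribution switch DIST-1 ----------------
hostname DIST-1
vtp mode transparent
spanning-tree mode rapid-pvst
! DIST-1 is root for VLANs 10 and 20; DIST-2 would use priority 8192 as backup.
spanning-tree vlan 10,20 priority 4096
!
! SVI with HSRP as the first hop for the Layer 2 access links
! (DIST-2 carries the same SVI with a lower standby priority).
interface Vlan10
 ip address 10.1.10.2 255.255.255.0
 standby version 2
 standby 10 ip 10.1.10.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 authentication md5 key-string HYPOTHETICAL-HSRP-KEY
!
! Routed point-to-point links toward the core (a Layer 3 triangle): no STP,
! two equal-cost paths and fast convergence. One /31 per link.
interface TenGigabitEthernet1/1/1
 description to CORE-1
 no switchport
 ip address 10.0.0.0 255.255.255.254
interface TenGigabitEthernet1/1/2
 description to CORE-2
 no switchport
 ip address 10.0.0.2 255.255.255.254
!
! Building prefixes sit in OSPF area 10 behind this ABR; one summary goes
! to the core instead of every /24.
router ospf 1
 router-id 10.0.0.11
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.255.255 area 10
 area 10 range 10.1.0.0 255.255.0.0
```

The two stanzas a security reviewer reads first are the trunk and host-port lines: with DTP off and access mode fixed, a host cannot talk its port into a trunk, and with VTP transparent no neighbor can rewrite the VLAN database. The HSRP authentication line matters for the same reason: without it, any host on VLAN 10 can send a higher-priority HSRP hello and become the default gateway.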
STP switch ports enter the following states:
- Blocking: A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in the blocking state. It prevents the use of looped paths.
- Listening: The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames.
- Learning: While the port does not yet forward frames, it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC address table, but does not forward frames.
- Forwarding: A port receiving and sending data, in normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
- Disabled: Not strictly part of STP. A network administrator can manually disable a port.
Cisco switches support three types of STP:
■ Per VLAN Spanning Tree Plus (PVST+)
■ Rapid PVST+
■ Multiple Spanning Tree (MST)
The root bridge (switch) is a special bridge at the top of the spanning tree (an inverted tree). The branches (Ethernet connections) fan out from the root switch to the other switches in the Local Area Network (LAN). Every bridge (switch) is assigned a numerical value called the bridge priority; the switch with the lowest bridge ID (priority followed by MAC address) becomes root, so any switch that advertises a lower priority, whether misconfigured or malicious, can take over the root role and pull traffic through itself. A bridge protocol data unit (BPDU) is a data message transmitted across a LAN to detect loops in network topologies. A BPDU contains information regarding ports, switches, port priority, and addresses: the information necessary to configure and maintain the spanning tree topology.
STP Toolkit
PortFast – Mostly used on access ports, but can be used on trunk ports. If you choose to enable PortFast on trunk ports, make sure you are not creating a loop. This extension causes an access or trunk port to go to the Forwarding STP state immediately, skipping the listening and learning states.
UplinkFast – Used on uplink ports to speed up STP convergence after a direct failure.
BackboneFast – Speeds up STP convergence after an indirect failure. This extension needs to be enabled on all network devices to take advantage of the feature.
Loop Guard – Helps prevent a Layer 2 loop when there is a unidirectional link failure. It prevents an alternate or root port from becoming a designated port: if the port stops receiving BPDUs, it transitions to the loop-inconsistent state instead of forwarding.
Root Guard – Prevents external switches from becoming root. It is normally enabled on ports connecting to downstream switches. When a superior BPDU is received on an interface where Root Guard is enabled, the port transitions to the root-inconsistent state; it recovers on its own once the superior BPDUs stop.
BPDU Guard – When PortFast is enabled on a port, this STP extension helps prevent bridging loops by moving the port to err-disabled upon receiving a BPDU, so a switch plugged into a user port cannot join the topology.
BPDU Filter – This STP extension prevents PortFast-enabled ports from sending and receiving BPDUs, effectively disabling STP at the edge, which can lead to bridging loops. This is not a recommended configuration per the authors of the CCDP ARCH Self-Study Guide.
UDLD (Unidirectional Link Detection) – This extension prevents bridging loops by monitoring fiber-optic and/or twisted-pair links and detecting whether one-way (unidirectional) communication exists. If it detects a unidirectional link, it shuts down the interface and raises a system alert.
Enterprise Campus LAN
A campus LAN connects two or more buildings within a local geographic area using a high-bandwidth LAN media backbone. Usually the enterprise owns the medium (copper or fiber). High-speed switching devices minimize latency. In today's networks, Gigabit Ethernet campus backbones are the standard for new installations.
The edge distribution protects the campus from the following threats:
■ IP spoofing: The edge distribution switches protect the core from spoofed IP addresses.
■ Unauthorized access: Controls access to the network core.
■ Network reconnaissance: Filtering of network discovery packets to prevent discovery from external networks.
■ Packet sniffers: The edge distribution separates the edge's broadcast domains from the campus, so a sniffer on the edge cannot capture campus traffic.
Medium-size LANs contain 200 to 1000 devices. Usually, the distribution and core layers collapse in the medium-size network. Access switches are still connected to both distribution/core switches to provide redundancy.
Small and remote-site LANs usually connect to the corporate network via a small router. The LAN service is provided by a small LAN switch. The router keeps broadcasts off the WAN circuit and forwards packets that require services from the corporate network.
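The STP Toolkit and UDLD features described above, applied to an access switch and the distribution switch above it. This is an added example, not configuration from the ARCH guide or from Cisco; the hostnames (ACC-1, DIST-1), VLAN and interface numbers are assumptions.

```cisco
! Added example: hostnames, VLAN and interface numbers are assumptions.
!
! ---------------- access switch ACC-1 ----------------
! Global defaults: every non-trunk port is an edge port (PortFast) and a BPDU
! arriving on an edge port err-disables it (BPDU Guard). A rogue switch, or a
! host that bridges its NICs, plugged into a user port is cut off instead of
! joining the topology.
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
! Loop Guard: a root or alternate port that stops hearing BPDUs goes
! loop-inconsistent instead of forwarding, covering one-way link failures.
spanning-tree loopguard default
!
! UDLD aggressive on all fiber ports: a unidirectional link err-disables the
! port and logs a message.
udld aggressive
!
! Explicit per-port form on the user ports (same effect as the defaults).
interface range GigabitEthernet1/0/1 - 48
 description user ports
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink: trunk with DTP off, Loop Guard inherited from the global default,
! UDLD aggressive enabled explicitly (needed if the uplink is copper).
interface GigabitEthernet1/0/49
 description uplink to DIST-1
 switchport mode trunk
 switchport nonegotiate
 udld port aggressive
!
! Err-disabled ports come back on their own after 5 minutes instead of
! needing a manual shutdown / no shutdown; the syslog entry still records it.
errdisable recovery cause bpduguard
errdisable recovery cause udld
errdisable recovery interval 300
!
! ---------------- distribution switch DIST-1 ----------------
! Root Guard on every port facing the access layer: a superior BPDU from
! below puts the port root-inconsistent, and the port recovers by itself
! once superior BPDUs stop. The root election can only be won from the
! distribution/core side.
interface range GigabitEthernet1/0/1 - 24
 description downlinks to access switches
 switchport mode trunk
 switchport nonegotiate
 spanning-tree guard root
 udld port aggressive
!
! For contrast, what the guide advises against on user ports: BPDU Filter
! silences STP on the port, so a loop through it is never detected.
! interface GigabitEthernet1/0/48
!  spanning-tree bpdufilter enable
```

BPDU Guard belongs on the access switch (it answers "should anything that speaks STP be here at all?"), Root Guard on the distribution switch (it answers "may this neighbor become root?"). Putting Root Guard on the access-switch uplinks instead would block the legitimate root and isolate the closet.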
You can place a server at the small or remote site to provide DHCP and other local applications such as a backup domain controller and DNS. Large-building LANs are segmented by floors or departments. The building-access component serves one or more departments or floors. The building-distribution component serves one or more building-access components. Campus and building backbone devices connect the data center, building-distribution components, and the enterprise edge-distribution component. The access layer typically uses Layer 2 switches to contain costs, with more expensive Layer 3 switches in the distribution layer to provide policy enforcement.
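The four edge-distribution threats listed above (IP spoofing, unauthorized access, network reconnaissance, packet sniffers), expressed as ACLs, unicast RPF and a routed boundary on the edge distribution switch. This is an added example, not configuration from the ARCH guide or from Cisco; the hostname (EDGE-DIST-1), interface names and all addresses (campus 10.0.0.0/8, a published server block 10.200.0.0/16, edge link 192.0.2.0/30) are assumptions.

```cisco
! Added example: hostname, interface names and all addresses are assumptions.
hostname EDGE-DIST-1
!
! Inbound from the enterprise edge.
ip access-list extended EDGE-IN
 remark --- IP spoofing: nothing from outside may claim an internal source
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 0.0.0.0 0.255.255.255 any log
 remark --- network reconnaissance: drop ICMP discovery probes into the campus
 deny   icmp any 10.0.0.0 0.255.255.255 echo
 deny   icmp any 10.0.0.0 0.255.255.255 timestamp-request
 deny   icmp any 10.0.0.0 0.255.255.255 mask-request
 remark --- unauthorized access: only the published server block is reachable
 remark --- from the edge; stateful inspection itself belongs on the edge firewall
 permit ip any 10.200.0.0 0.0.255.255
 deny   ip any any log
!
! Outbound toward the edge: campus hosts may only use campus source
! addresses (anti-spoofing in the other direction).
ip access-list extended EDGE-OUT
 permit ip 10.0.0.0 0.255.255.255 any
 deny   ip any any log
!
! Edge-facing routed port. Strict uRPF drops a packet unless the best route
! back to its source points out this same interface, so a spoofed campus
! source arriving from the edge fails even if EDGE-IN is later edited.
! Use "reachable-via any" (loose mode) where routing toward the edge is
! asymmetric, or strict mode will drop legitimate traffic.
interface GigabitEthernet1/0/1
 description to enterprise edge (internet edge firewall)
 no switchport
 ip address 192.0.2.1 255.255.255.252
 ip access-group EDGE-IN in
 ip access-group EDGE-OUT out
 ip verify unicast source reachable-via rx
!
! Toward the campus core: a routed link, so the edge shares no broadcast
! domain with the campus and a sniffer on the edge sees none of its frames.
interface TenGigabitEthernet1/1/1
 description to CORE-1
 no switchport
 ip address 10.0.0.4 255.255.255.254
```

The `log` keyword on the deny entries is what turns the edge distribution into a detection point as well as a filter: a burst of EDGE-IN denies with 10.x sources is a spoofing attempt, and a burst of ICMP echo denies across many campus destinations is a sweep. Keep the logged entries to the spoof and catch-all lines; logging every denied probe on a busy edge will saturate the switch CPU.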