When EIGRP is used as the routing protocol for a fully routed or routed access layer solution, take the following EIGRP tuning and best practice steps to achieve sub-200 ms convergence: •Summarize towards the core from the distribution layer. Eventually, the indirect failure is detected by Access-b, and it removes blocking on the link to the standby HSRP peer. CEF determines the longest-prefix match for the destination address using a hardware lookup. This is not always a problem, such as when a switch is connected in a conference room to temporarily provide additional ports/connectivity. •Connect distribution nodes to facilitate summarization and L2 VLANs spanning multiple access layer switches where required. It breaks the complex problem of network design into smaller and more manageable areas. Otherwise, multiple convergence events can occur for a single failure and undesirable traffic paths are taken after the spanning tree converges. Instead, it decreases availability by reducing serviceability and determinism. http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/VMDC/2.6/vmdcservicesaag.html, http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/VMDC/2.6/vmdctechwp.html. Figure 51 illustrates a redundant topology where a common VLAN is shared across the access layer switches. Use StackWise technology in the Cisco Catalyst 3750 family or modular chassis implementations to avoid these complications. Unused VLANs should be manually pruned from trunked interfaces to avoid broadcast propagation. Keep in mind, however, that this setting can cause loss of connectivity if the process is not performed in the correct order and there is no out-of-band connectivity to the farthest switch from where the in-band modifications are being made. Now I want to power off the standby switch so that we can reuse it at another new location. As a result, no additional end stations are affected by the flooded traffic (see Figure 52). 
For the remainder of this document, the term EtherChannel is used to describe both variants. When a less-than-optimal topology is used, a long-existing but frequently misunderstood situation can occur as a result of the difference between ARP and CAM table aging timers. Return path traffic is dropped until the SPF timer has expired and normal reroute processing is completed. Misconfiguration (mis-matched pairs) or hardware failure can result in unexpected STP behavior. The end result is that a more equal utilization of the uplinks is achieved with minimal configuration. Additionally, the media types common in the access layer are not susceptible to the same half up or rapid transitions from up to down to up (bouncing) as are those commonly found in the WAN. VLANs provide the broadcast isolation, policy implementation, and fault isolation benefits that are required in highly available networks. With aggressive HSRP timers (such as those previously recommended in this document), you can minimize this period of traffic loss to approximately 900 milliseconds. To avoid this situation the Spanning Tree environment must be tuned so that the L2 link between the distribution switches is the blocking link while the uplinks from the access layer switches are in a forwarding state. In the first case, the standby HSRP peer can go active as it loses connectivity to its primary peer, forwarding traffic outbound for the devices that still have connectivity to it. However, some additional complexity (uplink IP addressing and subnetting) and loss of flexibility are associated with this design alternative. This results in fast, deterministic convergence in the event of a link or node failure. A shorter ARP cache timer causes the standby HSRP peer to ARP for the target IP address before the CAM entry timer expires and the MAC entry is removed. If this cannot be avoided, then tune the ARP aging timer so that it is less than the CAM aging timer. 
Convergence around a link or node failure in the L2/L3 distribution boundary model depends on default gateway redundancy and failover. The access layer of the network is typically a single point of failure, as shown in Figure 7. NSF/SSO provide the most benefit in environments where single points of failure exist. •Avoid L2 loops and the complexity of L2 redundancy, such as Spanning Tree Protocol (STP) and indirect failure detection for L3 building block peers. There are many ways that a loop can be introduced on the user-facing access layer ports. For the VMDC version "2.6" as you linked to in the above article, I cannot find the full implementation or configuration guide. A campus network is an enterprise network … If the foundation services and reference design in an enterprise network are not rock-solid, applications that depend on the services offered by the network like IP telephony, IP video, and wireless communications will eventually suffer performance and reliability challenges. Finally, VTP transparent mode should be used because the need for a shared VLAN database is lessened given current hierarchical network design. The primary HSRP peer remains active and also forwards outbound traffic for its half of the stack. STP lets the network deterministically block interfaces and provide a loop-free topology in a network with redundant links (see Figure 18). •Consider EIGRP/Routing in the access layer. •Set the EIGRP hello and hold (dead) timers to 1 and 3 seconds, respectively. •Routed Access—This option is interesting from a convergence performance perspective, but is not yet widely deployed. •If you choose to load balance VLANs across uplinks, be sure to place the HSRP primary and the STP root for each VLAN on the same distribution layer switch. Highly available networks require redundant paths to ensure connectivity in the event of a node or link failure. 
Similarly to the L2/L3 distribution layer topology, NSF with SSO provides 1-3 seconds of packet loss without network convergence compared to total outage until a failed supervisor is physically replaced for the routed access topology. This occurred while the access layer switch was load sharing over the equal-cost paths on both uplinks to the distribution layer, and the recovering distribution node was unable to forward the traffic being sent its way (see Figure 64). As campus network planners begin to consider migration to dual stack IPv4/IPv6 environments, migrate to controller-based WLAN environments, and continue to integrate more sophisticated Unified Communications services, a number of real challenges lie ahead. The following configuration snippets illustrate the OSPF configuration: The design recommendations described in this design guide are best practices designed to achieve the best convergence possible. When an indirect failure is detected and STP/RSTP converges, the distribution nodes reestablish their HSRP relationships and the primary HSRP peer preempts. Topologies where point-to-point physical links are deployed provide the most deterministic convergence. To continue the analogy, if a reliable foundation is engineered and built, the house will stand for years, growing with the owner through alterations and expansions to provide safe and reliable service throughout its life cycle. You can reliably tune HSRP/GLBP timers to achieve 900 ms convergence for link/node failure in the L2/L3 boundary in the distribution hierarchical model. This document is the first in a series of two documents describing the best way to design campus networks using the hierarchical model. 
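The OSPF snippets the guide refers to above did not survive on this page. As an added example (not the original guide's own snippet), the following Cisco IOS fragment shows a routed-access distribution switch running OSPF with the access block in a totally stubby area, point-to-point L3 links, and hello/dead timers of 1/3 s. The process ID, area numbers, addresses and interface names are assumed. The `timers throttle spf` line assumes an IOS release with SPF throttling; the one-second floor noted elsewhere on this page refers to the older, seconds-granularity `timers spf` command.

```cisco
! Distribution-A, routed access design with OSPF (assumed names/addresses).
! Area 0 faces the core; this building's access block is area 120.
router ospf 100
 router-id 10.122.255.1
 ! Totally stubby: area 120 receives only a default route from the
 ! distribution pair (no inter-area or external LSAs), which bounds LSA
 ! flooding and SPF work in the access switches. Be aware of the restore
 ! side effect discussed on this page: access switches start load sharing
 ! toward a recovering distribution node as soon as the adjacency is up,
 ! before that node has its own routes to the core.
 area 120 stub no-summary
 ! One summary for the whole access block toward the core.
 area 120 range 10.120.0.0 255.255.0.0
 ! SPF throttle in ms: initial delay, hold time, maximum wait.
 timers throttle spf 10 100 5000
 ! Form adjacencies only on the point-to-point L3 links.
 passive-interface default
 no passive-interface GigabitEthernet1/1
 no passive-interface GigabitEthernet1/2
 no passive-interface GigabitEthernet2/1
 no passive-interface GigabitEthernet4/1
 network 10.122.0.0 0.0.255.255 area 0
 network 10.120.0.0 0.0.255.255 area 120
!
interface GigabitEthernet1/1
 description L3 uplink to Core-A (area 0)
 ip address 10.122.0.2 255.255.255.252
 ! Point-to-point: no DR/BDR election, so the adjacency forms faster.
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 3
!
interface GigabitEthernet1/2
 description L3 uplink to Core-B (area 0)
 ip address 10.122.0.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 3
!
interface GigabitEthernet2/1
 description L3 link to Distribution-B (kept in area 120)
 ip address 10.120.254.1 255.255.255.252
 ! Required when summarizing: the ABR needs an intra-area path to the
 ! peer for any access subnet whose direct downlink has failed.
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 3
!
interface GigabitEthernet4/1
 description L3 downlink to Access-1 (area 120)
 ip address 10.120.255.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 3
```

Distribution-B carries the mirror image with its own addresses. Because detection of a failed uplink is driven by physical link loss on point-to-point links rather than by the dead timer, the 1/3 s timers mostly matter for the indirect-failure case the page discusses.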
Ensure that the distribution node has connectivity to the core before it preempts its HSRP/GLBP standby peer so that traffic is not dropped while connectivity to the core is established. Traffic is lost while SSO completes, or indirect detection of the failure occurs. However, fully-routed access layer designs are not often deployed today. Additionally, because both EIGRP and OSPF load share over equal-cost paths, this provides a benefit similar to GLBP. Note For more details, refer to High Availability Campus Recovery Analysis. Great, thanks for sharing, @Marwan ALshawi. Thanks to all for your participation in the Community Helping Community; we have achieved our goal. Use BPDU Guard to prevent the introduction of non-authorized bridging devices. A link between the two distribution nodes is also required. For example, an Internet worm infection, such as Slammer, can cause congestion on many links in the network, and QoS can minimize the effect of this event. Additionally, if you use a modular chassis switch, such as the Cisco Catalyst 4500 or Catalyst 6500 family of switches, these design considerations are not required. It includes the following topics: •Layer 2 Redundancy—Spanning Tree Protocol Versions, •Protecting Against One-Way Communication with UniDirectional Link Detection, •Link Aggregation—EtherChannel Protocol and 802.3ad, •Using HSRP, VRRP, or GLBP for Default Gateway Redundancy, •Ensuring Connectivity in Case of Failure, •Tuning Load Balancing with Cisco Express Forwarding. •Prioritization of mission-critical network traffic using QoS. If you require a common, centrally-managed VLAN database, consider using VTP version 3. If summarization is implemented at the distribution layer, the distribution nodes must be linked or routing black holes occur. In this topology, the CAM table entry ages out on the standby HSRP router. When a link or node has failed, an OSPF peer cannot take action until the SPF timer has expired. 
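The preempt-delay, HSRP/STP-root alignment and ARP-versus-CAM aging points above all land on the same distribution switch. As an added example (not configuration from the guides quoted on this page), the following Cisco IOS fragment puts them together on one node at the L2/L3 boundary. VLAN 10, the 10.120.10.0/24 subnet, the HSRP group, priorities, timer values and interface names are assumed for illustration.

```cisco
! Distribution-A at the L2/L3 boundary (assumed names and addresses).
! Distribution-B carries the mirror image ("spanning-tree vlan 10 root
! secondary" and "standby 10 priority 100") so that the HSRP active router
! and the STP root for VLAN 10 are always the same node and the
! inter-distribution link is never used for transit.
spanning-tree mode rapid-pvst
spanning-tree vlan 10 root primary
!
! CAM (MAC) aging. 300 s is the platform default; it is stated explicitly
! so the relationship to the ARP timeout below is visible in the config.
mac address-table aging-time 300
!
interface Vlan10
 description Users - VLAN 10 default gateway
 ip address 10.120.10.2 255.255.255.0
 ! ARP entries must age out before CAM entries. The default ARP timeout
 ! is 14400 s, so on the standby router the MAC entry disappears long
 ! before the ARP entry and every frame for that host is flooded on the
 ! VLAN (the problem described above). 270 s < 300 s forces a re-ARP first.
 arp timeout 270
 standby 10 ip 10.120.10.1
 standby 10 priority 150
 ! Hello 250 ms / hold 750 ms: gateway failover in under one second.
 standby 10 timers msec 250 msec 750
 ! Take the active role back only after 180 s of uptime, long enough for
 ! the routing protocol to converge toward the core. Preempting as soon
 ! as the link comes up black-holes upstream traffic while that happens.
 standby 10 preempt delay minimum 180
```

Check the two timers with `show interfaces vlan 10 | include ARP` and `show mac address-table aging-time`; if a platform defaults to a shorter CAM aging time, lower the ARP timeout accordingly rather than raising the CAM timer.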
VLAN Trunking Protocol (VTP) is a protocol that allows network managers to centrally manage the VLAN database. The default state for PAgP in CatOS is desirable, meaning that a CatOS switch tries to negotiate an EtherChannel. Summarization is required to facilitate optimum EIGRP or OSPF convergence. This behavior caused a considerable amount of traffic to be dropped: more than 40 seconds of loss in the tested topology. While this is not optimum, it is also not detrimental from the perspective of outbound traffic. This can be easily avoided by not spanning VLANs across access layer switches. Additionally, totally stubby areas that are required to limit LSA propagation and unnecessary SPF calculation have an undesirable side effect when a distribution node is restored. The following are the design recommendations for Layer 2 foundation services: If you are compelled by application requirements to depend on STP to resolve convergence events, use Rapid PVST+, which is far superior to 802.1d and even PVST+ (802.1d plus Cisco enhancements) from the convergence perspective. Figure 63 OSPF SPF Timer Affects Convergence Time. Also, peering and adjacency issues exist with a fully-meshed design, making routing complex to configure and difficult to scale. In the configuration example below, summary routes are sent towards the core: When summarization is used, the distribution nodes interact with a bounded number of routing peers when converging around a link or node failure. Traffic is flooded out the same interface that would be used normally, so the end result is the same. This section describes the foundation technologies used in the campus network and the recommended configurations. L3 equal-cost load sharing allows both uplinks from the core to the distribution layer to be utilized. 
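The EIGRP configuration example the text above announces is missing from this page. As an added example (not the original guide's snippet), here is the EIGRP side of the routed access design described on this page: summaries sent toward the core, 1/3 s hello/hold timers, the mandatory L3 link between the distribution nodes, and the access switch configured as a stub. The AS number, addresses and interface names are assumed.

```cisco
! Distribution-A, routed access design with EIGRP AS 100 (assumed names,
! AS number and addresses). The access block for this building is
! 10.120.0.0/16; the core links live in 10.122.0.0/16.
router eigrp 100
 network 10.120.0.0 0.0.255.255
 network 10.122.0.0 0.0.255.255
 no auto-summary
 ! Adjacencies only on the point-to-point L3 links.
 passive-interface default
 no passive-interface GigabitEthernet1/1
 no passive-interface GigabitEthernet1/2
 no passive-interface GigabitEthernet2/1
 no passive-interface GigabitEthernet4/1
!
interface GigabitEthernet1/1
 description L3 uplink to Core-A
 ip address 10.122.0.2 255.255.255.252
 ! Summarize toward the core. A failed access link changes nothing the
 ! core can see, and the EIGRP query for the lost subnet stops at this
 ! node (the summarizing router replies), so the peers involved in
 ! reconvergence are bounded to the distribution pair.
 ip summary-address eigrp 100 10.120.0.0 255.255.0.0
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
!
interface GigabitEthernet1/2
 description L3 uplink to Core-B
 ip address 10.122.0.6 255.255.255.252
 ip summary-address eigrp 100 10.120.0.0 255.255.0.0
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
!
! Mandatory once summaries are sent: the core forwards 10.120.0.0/16 to
! either node, and a node whose downlink to an access switch has failed
! must hand the packet to its peer. No summary is sent on this link, so
! the peer's specific routes are learned here.
interface GigabitEthernet2/1
 description L3 link to Distribution-B
 ip address 10.120.254.1 255.255.255.252
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
!
interface GigabitEthernet4/1
 description L3 downlink to Access-1
 ip address 10.120.255.1 255.255.255.252
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
!
! ---- Access-1 (routed access switch) ----
! Stub: the distribution pair never queries the access switch during
! reconvergence; it advertises only its connected and summary routes.
router eigrp 100
 network 10.120.0.0 0.0.255.255
 no auto-summary
 passive-interface default
 no passive-interface GigabitEthernet1/0/49
 no passive-interface GigabitEthernet1/0/50
 eigrp stub connected summary
```

After an access link is failed in a lab, `show ip eigrp topology active` on the distribution pair should stay empty and `show ip route` on the core should not change; if either does, a component route is leaking past the summary boundary.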
A typical enterprise hierarchical campus network design includes the following three layers: The two proven hierarchical design architectures for campus networks are the three-tier and the two-tier models. The three-tier model can be used in large campus networks where multiple distribution layers and buildings need to be interconnected. The two-tier model can be used in small and medium campus networks where the core and distribution functions can be collapsed into one layer, also known as the collapsed core/distribution model. Applying the hierarchical design model discussed above to multiple blocks within the campus network results in a more scalable and modular topology called "building blocks", which allows the network to meet evolving business needs. In Figure 46, an L3 connection exists between the distribution nodes. Network devices/hosts connected to the access layer switches need to reach an IP gateway provided by a First Hop Redundancy Protocol (FHRP). Two virtual MAC addresses exist with GLBP, one for each GLBP peer (see Figure 38). The hierarchies are tied together at the campus backbone. •Use the Spanning-Tree toolkit to protect against unexpected STP participation. The following are the DTP settings shown in Figure 24: •Automatic formation of interconnection between trunked switch and switch: –Desirable—Form a trunk if the other switch will, –Auto—Form a trunk if the other switch suggests. Considerable outages can be experienced when distribution nodes are restored with totally stubby areas. You must make sure that the STP root and default gateway (HSRP or VRRP) match. The solution to this problem is to provide alternate connectivity across the stack in the form of a loopback cable running from the top to the bottom of the stack, as shown in Figure 48. When such a physical misconfiguration occurs, protocols such as STP can cause network instability. This means that the primary method of convergence for core or distribution node failure is loss of link. 
Only use BPDU Guard if you are able to intervene and re-enable error-disabled ports. –By default, one of the possible adjacencies is selected by a hardware hash where the packet source and destination IP address are used. Examples of functions recommended to be located in a services block include: There might be multiple services blocks depending on the scale of the network, the level of geographic redundancy required, and other operational and physical factors, as described in Cisco’s Enterprise Campus 3.0 Architecture, http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html#wp708979. The Data Center block of a campus network, also known as the "server farm", can be considered another block of the campus LAN that uses the same hierarchical design model; however, the data center has factors and design requirements that differ from a normal access-distribution design, such as port capacity, close to 0% oversubscription, and more specialised services such as firewalling and load balancing. The high performance collapsed backbone u… Without this logical grouping, STP/RSTP would place the redundant interface into blocking state to maintain a loop-free topology (see Figure 30). It is not generally practical to provide line rate for every port upstream from the access-to-distribution switch, the distribution-to-core switch, or even for core-to-core links. However, in the core of the network a "less is more" approach should be taken. You must consider this limitation before selecting OSPF as a routing protocol in campus environments. The default PAgP state for Cisco IOS software is off. These technologies require a unique VLAN database with common names in each access layer switch. The following three major network resiliency requirements, as described in the Cisco Borderless Campus design guide 1.0, cover most of the common types of failure conditions. Physical link up/down is faster than timer-based convergence. 
On the interface facing the primary root switch, the following Cisco IOS command was entered in interface configuration mode to accomplish the desired effect. The use of triangle rather than square topologies is only a recommendation. •Client—Receives updates but cannot make changes. When an end point ARPs for its default gateway, the virtual MACs are checked out on a round-robin basis. Using these oversubscription ratios, congestion on the uplinks occurs by design (see Figure 42). However, this approach can cause its own set of problems (see Figure 54), including the following: •Traffic is dropped until HSRP becomes active. –Increased scalability because neighbor relationships and meshing are reduced. The HSRP primary and the Rapid PVST+ root should be co-located on the same distribution switch to avoid using the inter-distribution link for transit. The distribution layer aggregates nodes from the access layer, protecting the core from high-density peering (see Figure 3). This capability facilitates troubleshooting, problem isolation, and network management. First, OSPF implements an SPF timer that cannot currently be tuned below one second. The hierarchical campus model implements many L3 equal-cost redundant paths. To achieve this, use the mls ip cef load-sharing full command on the distribution nodes. The new MAC address is attached and the packet is forwarded. Depending on the LAN design tier, the resiliency option appropriate to the role and network service type must be deployed: Although redundant components within a single device are valuable, the best availability is achieved with completely separate devices and paths, http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/BN_Campus_HA.html#wp1229178. Figure 21 PVST+ and Rapid PVST+ Performance. 
The Cisco Certified Design Associate (CCDA®) is an industry-recognized certification for network design engineers, technicians, and support engineers who demonstrate the skills required to … Rapid PVST+ provides the rapid convergence of 802.1w while avoiding the complexity of 802.1s. At the very least, this model requires redundant core and distribution layer switches with redundant uplinks throughout the design. •Tune EtherChannel and CEF load balancing to ensure optimum utilization of redundant, equal-cost links. This design is less than optimal from a convergence perspective. An L3 link is required between the distribution nodes. Recommend correcting if you have the opportunity. •Efficient network and bandwidth management using software features such as Internet Group Management Protocol (IGMP) snooping. The latest software for the device does not seem to support the creation of VRFs, but I've noticed that a few commands do offer the selection of a VRF. Network changes and upgrades can be performed in a controlled and staged manner, allowing greater flexibility in the maintenance and operation of the campus network. Functions are distributed at each layer. The end result is that for return path traffic, the distribution node that is coming back online cannot resolve all the IP to MAC addresses for the L2 domain that it supports for a considerable period of time. If the distribution nodes are not interconnected with an L3 link, return traffic (from the core to the access layer) can be dropped when an access layer link fails, as shown in Figure 14. Using a routed access layer topology addresses some of the concerns discussed with the recommended topology in which the distribution switch is the L2/L3 boundary. •Deploy QoS end-to-end; protect the good and punish the bad. 
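The page mentions two load-balancing knobs in passing: the CEF hash for the L3 equal-cost uplinks and the EtherChannel hash and negotiation for L2 bundles. As an added example (not from the original guides), the following Cisco IOS fragment shows both on one distribution switch. Interface numbers and VLAN IDs are assumed; `mls ip cef load-sharing full` is the Catalyst 6500 syntax and the equivalent keyword differs on other platforms.

```cisco
! Distribution-A (assumed interface numbers and VLANs).
!
! CEF polarization: the default hash uses only source and destination IP,
! so every hop picks the same "half" of the flows for its left-hand link
! and the right-hand links downstream sit idle. Adding the L4 ports
! ("full") on the distribution nodes, while the core keeps the default
! hash, makes the per-hop decisions independent and spreads the flows.
mls ip cef load-sharing full
!
! EtherChannel member selection: include both IP addresses so that
! return traffic is not pinned to one member by the default
! source-MAC hash (one server MAC = one link).
port-channel load-balance src-dst-ip
!
interface Port-channel1
 description L2 EtherChannel to Distribution-B
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface range GigabitEthernet3/1 - 2
 description Members of Po1 to Distribution-B
 switchport
 ! LACP (802.3ad) "active" negotiates the bundle with the peer; use
 ! "mode desirable" instead for PAgP. Avoid "mode on" at both ends: with
 ! no negotiation, a mis-cabled pair is bundled blindly and STP sees a
 ! loop or a one-way link, which is the unexpected STP behavior the
 ! page warns about.
 channel-protocol lacp
 channel-group 1 mode active
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
```

Verify the bundle with `show etherchannel 1 summary` (members should show `P`, bundled in port-channel) and the L3 spread with `show mls cef exact-route` for a few sample source/destination pairs.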
This guideline discusses some of the technologies and design considerations that need to be taken into account during the planning and design phases of a scalable campus network. Although this guideline is based on Cisco’s recommendations and best practices, it is not an official Cisco document. This includes PortFast, UplinkFast, BackboneFast, BPDU Guard, BPDU Filter, Root Guard, and Loop Guard. However, when interoperating with non-Cisco devices, you can use only the standard "lowest common denominator" features and you cannot take advantage of the Cisco enhancements to VRRP.
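The Layer 2 recommendations scattered across this page (Rapid PVST+, the Spanning-Tree toolkit, BPDU Guard with the ability to recover err-disabled ports, UDLD, VTP transparent mode, DTP settings and pruning of unused VLANs from trunks) come together on an access switch and the distribution port facing it. As an added example (not configuration from the guides quoted here), the following Cisco IOS fragment applies them. Interface numbers, VLAN IDs and the recovery interval are assumed for illustration.

```cisco
! ---- Access-1 (assumed interface numbers and VLANs) ----
spanning-tree mode rapid-pvst
! BPDU Guard on every PortFast port: a BPDU from a user port (rogue or
! accidental switch) err-disables the port instead of joining the tree.
spanning-tree portfast bpduguard default
! Only enable BPDU Guard if someone can re-enable the port. Automatic
! recovery after 300 s does that without a truck roll; a port that keeps
! receiving BPDUs simply bounces back into err-disabled.
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! One-way links look "up" to STP and turn a blocked port into a loop.
! Aggressive UDLD err-disables the port when the echo is lost. The global
! command covers fiber ports; copper uplinks need "udld port aggressive".
udld aggressive
!
! No shared VLAN database in a hierarchical design: transparent mode
! forwards VTP advertisements but never acts on them.
vtp mode transparent
vlan 10
 name Users-Bldg1
vlan 999
 name Unused-Native
!
interface range GigabitEthernet1/0/1 - 48
 description User-facing access ports
 switchport mode access
 switchport access vlan 10
 ! Do not send or answer DTP: a host cannot negotiate itself a trunk.
 switchport nonegotiate
 spanning-tree portfast
!
interface GigabitEthernet1/0/49
 description Uplink to Distribution-A
 switchport mode trunk
 ! Trunk only the VLANs this switch hosts; anything not listed stays
 ! pruned, so broadcasts from other VLANs never reach this switch.
 switchport trunk allowed vlan 10
 switchport trunk native vlan 999
 switchport nonegotiate
 udld port aggressive
 ! Loop Guard: if BPDUs stop arriving on this root or alternate port,
 ! hold it in loop-inconsistent state rather than forwarding.
 spanning-tree guard loop
!
! ---- Distribution-A, port toward Access-1 ----
interface GigabitEthernet4/10
 description Downlink to Access-1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10
 switchport nonegotiate
 ! Root Guard: an access switch with a better bridge ID cannot become
 ! root through this port; the port goes root-inconsistent instead.
 spanning-tree guard root
```

`show spanning-tree inconsistentports` lists ports held by Root Guard or Loop Guard, and `show errdisable recovery` shows BPDU Guard ports waiting to be re-enabled; both are worth checking before assuming a "down" access port is a cabling fault.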