VLAN + Layer3 + 6 Switches + Ring topology

deltamc2000

Junior Member
Oct 21, 2011
6
0
0
Hi guys,

Joined this forum as this was the first place where the forum members explained VLANs, trunking and layer 3 switching! After days of reading about various standards, this post made it all go "Ding!"

http://forums.anandtech.com/showthread.php?t=1846789

I have never had a need for VLAN, but I have a client that wants it set up in a particular way...

I am to install 30 Access Points on 6 switches (Netgear GS110TP).
Each switch will POE 8 Access points each.
Each switch is daisy chained together with fibre on the 2 SFP ports
VLAN each access point on each switch
All loops back to a layer3 switch with a DSL point on the final VLAN

He wants the switches to be in a ring topology for fault tolerance (all connected together in a big loop, so if one fibre connection fails, they all continue to work).

My solution is to trunk all the fibre ports to carry VLAN traffic back to the Layer3 switch which will route all VLAN traffic to the VLAN the internet connection is on.

Don't ask me the reasons for this setup, I have been asked if I can do it. I will be setting up a test lab with 2 switches and a layer3 switch next week.

My first thought is that this will cause a packet storm based on the fact the switches are looped together. I have been reading about STP & MSTP, is this what I need to implement such a topology?

Any tips on this kind of setup, guides, or even let me know if I'm barking up the wrong tree would be great!!!!

I'm all up for the challenge but I am a noob that has only just grasped how this could be achieved!

Many thanks for your time in advance

Paul
 

imagoon

Diamond Member
Feb 19, 2003
5,199
0
0
Without questioning the topology, you would use spanning tree protocol, enable / configure it on all the switches. The switches will run STP and build the topology in memory and select a link to drop to make the system not storm. Should another link drop, the protocol will go through a learn process, realize the link dropped elsewhere and bring the dormant link back on line.

Also I would start with STP at the switch level. This means the switch just shuts off the entire port / segment to prevent a loop. Trying to do VLAN level STP gets far more complicated and doesn't sound applicable to this set up yet. The vlan STP will only block a single vlan at a time on a trunk until all the loops in the vlan are eliminated. This has the side advantage of allowing some of the vlans to go one way on the ring with others going the other direction but is far harder to get working right when you are new to it.
 

deltamc2000

Hey Imagoon, thanks for the confirmation on that! Any good advice on which type of STP or should I be looking at the config for MSTP?

Cheers
 

her209

No Lifer
Oct 11, 2000
56,352
11
0
You might want to look into RSTP if you're concerned about convergence time.

As for fault tolerance, the best setup is to have each switch connected to every other switch so even if you have multiple switch/link failures, each switch can still talk to all the other switches.
 

imagoon

Best is defined as what you plan to do and the equipment you have. This is one way I have seen to do redundancy and it generally works.

Check out this:

http://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Rapid_Spanning_Tree_Protocol_.28RSTP.29


Since you have a ton of vlans, if you had layer 3 switches all the way around you could in theory use BGP or OSPF etc. to set up routing, use per vlan STP and develop a fully load balanced and redundant ring. There is a lot more work to get that to work correctly but it makes the ring more efficient because you are now giving 2 paths to the destinations, and they could be load balanced based on the routing protocols.
 

deltamc2000

Thanks for the info. The switches he wants to use are the Netgear GS110TP, not layer3 but do have STP & MSTP functionality. The layer 3 switch will route all VLAN traffic to the VLAN with the internet connection, is there any way of routing the VLANs to the internet VLAN without a layer 3 switch?

Cheers
 

deltamc2000

I see, I suspect the client has probably got some crappy ISP based modem\router (may be wrong). But IF the router had trunking capabilities, I could simply trunk straight to that. If it is a case of a crappy router on site, a layer3 switch is the only way to get all VLAN traffic to route to the internet VLAN?
 

drebo

Diamond Member
Feb 24, 2006
7,035
1
81
A layer 3 switch would handle it, yes.

And, yes, you will need to use STP. You will want your layer 3 switch to be the root bridge for all STP instances, so make sure you configure it properly. I don't know how many VLANs or how configurable your switches are when it comes to STP, so I can't really provide much guidance on optimizing network convergence speed.

A ring topology isn't too bad.

It does, however, sound like you're a bit unqualified for the job...
 

cmetz

Platinum Member
Nov 13, 2001
2,296
0
0
deltamc2000, what you're doing is technically feasible, but fraught with peril. Spanning-tree does not deal well with ring topologies. As the name suggests, it really wants you to have a tree topology. Also, spanning-tree has a tendency to deal with redundant links and failures in ways that can't be reasoned out without actually running the protocol on pen and paper. I have seen many, MANY cases where people have set up seemingly obvious and simple redundant configurations with spanning tree, and they have not handled failure anywhere near the way the designers expected - but spanning tree was operating correctly.

Read up on the spanning tree protocol and make sure you really understand it. Configure weights. Make sure you can sketch out on paper exactly what the tree looks like when each case of failure happens. Yes, really.

Also, spanning tree bugs are fairly common in network gear. I'd be very hesitant to design a network that really requires spanning tree to work in all cases, and then use SOHO grade switches.

If you have a client dictating all of this, you have a client who knows enough to be dangerous but doesn't really know enough to make it work. You should try to educate this client and find a solution that's really going to work well, or you should consider declining this job.

For enterprise-grade networking gear, there are standard and proprietary fast ring-topology protocols. Building rings with spanning tree has never worked all that well.
 

imagoon

> deltamc2000, what you're doing is technically feasible, but fraught with peril. Spanning-tree does not deal well with ring topologies. As the name suggests, it really wants you to have a tree topology. Also, spanning-tree has a tendency to deal with redundant links and failures in ways that can't be reasoned out without actually running the protocol on pen and paper. I have seen many, MANY cases where people have set up seemingly obvious and simple redundant configurations with spanning tree, and they have not handled failure anywhere near the way the designers expected - but spanning tree was operating correctly.
>
> Read up on the spanning tree protocol and make sure you really understand it. Configure weights. Make sure you can sketch out on paper exactly what the tree looks like when each case of failure happens. Yes, really.
>
> Also, spanning tree bugs are fairly common in network gear. I'd be very hesitant to design a network that really requires spanning tree to work in all cases, and then use SOHO grade switches.
>
> If you have a client dictating all of this, you have a client who knows enough to be dangerous but doesn't really know enough to make it work. You should try to educate this client and find a solution that's really going to work well, or you should consider declining this job.
>
> For enterprise-grade networking gear, there are standard and proprietary fast ring-topology protocols. Building rings with spanning tree has never worked all that well.

I beg to differ, STP is designed to work with rings (loops); it is the whole point of the protocol. How well it works tends to be directly related to how well it is implemented on the switch and the environment.
 

drebo

As long as your root bridge is the exit point of the ring, there is no reason why STP wouldn't work in a ring topology. If you leave everything default, then, yes, it's possible for STP to set your topology up so that your exit point is the FURTHEST switch from the one directly adjacent to it.

6 switches isn't really enough to bother with a collapsed core architecture. If he were up to 10 or 15, then, yes, I'd say collapsed core would be best.

Ring is more than fine for his purposes, provided that STP is properly configured with a predictable root bridge and proper timers for a network of that size.
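The root-bridge point and the "sketch each failure on paper" advice in the posts above can be worked through in a few lines. This is an added example, not code from any poster in the thread: it is a simplified STP model (uniform link cost, no timers), and the position of the L3 switch in the ring, the MAC addresses and the priority value 4096 are all constructed assumptions.

```python
from collections import deque

# Constructed sample data: ring position of the L3 switch and all MACs are assumptions.
RING = [("L3", "SW1"), ("SW1", "SW2"), ("SW2", "SW3"), ("SW3", "SW4"),
        ("SW4", "SW5"), ("SW5", "SW6"), ("SW6", "L3")]
MACS = {"L3": "00:00:5e:00:53:70", "SW1": "00:00:5e:00:53:11",
        "SW2": "00:00:5e:00:53:12", "SW3": "00:00:5e:00:53:13",
        "SW4": "00:00:5e:00:53:04", "SW5": "00:00:5e:00:53:15",
        "SW6": "00:00:5e:00:53:16"}
DEFAULTS = {sw: (32768, mac) for sw, mac in MACS.items()}  # untouched priorities
TUNED = dict(DEFAULTS, L3=(4096, MACS["L3"]))              # L3 forced to be root

def far_end(link, sw):
    return link[0] if link[1] == sw else link[1]

def hops_from(start, links):
    """Breadth-first hop count from start over the given links."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for link in links:
            nbr = far_end(link, node)
            if node in link and nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist

def spanning_tree(bridges, links, exit_switch="L3"):
    """Return (root bridge, blocked links, hops from each switch to the exit)."""
    root = min(bridges, key=bridges.get)   # lowest (priority, MAC) wins the election
    cost = hops_from(root, links)          # every link given the same cost
    tree = set()
    for sw in bridges:
        if sw != root:
            # Root port: neighbour with the lowest cost to root, then lowest bridge ID.
            tree.add(min((l for l in links if sw in l),
                         key=lambda l: (cost[far_end(l, sw)], bridges[far_end(l, sw)])))
    blocked = [l for l in links if l not in tree]
    return root, blocked, hops_from(exit_switch, tree)

def single_failures(bridges, links):
    """Worst hop count to the exit after each single link failure."""
    return {dead: max(spanning_tree(bridges, [l for l in links if l != dead])[2].values())
            for dead in links}

if __name__ == "__main__":
    for label, bridges in (("defaults", DEFAULTS), ("L3 as root", TUNED)):
        root, blocked, hops = spanning_tree(bridges, RING)
        print(label, "root:", root, "blocked:", blocked, "worst hops:", max(hops.values()))
    print(single_failures(TUNED, RING))
```

With default priorities the lowest MAC (SW4 in this sample) becomes root and the L3-to-SW1 link is the one blocked, so SW1 reaches the exit the long way round; with the L3 switch as root the blocked link sits on the far side of the ring.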
 

deltamc2000

Thanks for the input guys, and yes Drebo, I am underqualified for this job! But I'm the kinda guy that enjoys learning new technologies. I deal with a number of networks that are much bigger than this and although they have near on 1,000 windoze PCs connected to 30 servers each room with layer 3 switches in every class room. The company that installed the switches and cables have left the whole thing on default settings with no VLANs! From this experience I would like to go in there and VLAN the entire network...

Cmetz, thanks for input, that is exactly what I wanted to hear. I am under no illusion that this was going to be "Click Next, Then Finish" job which is why I posted my question here in the first place. I am interested in my situation, what would you be telling your client a better solution for what he wants to achieve? Could you elaborate on the "For enterprise-grade networking gear, there are standard and proprietary fast ring-topology protocols."? I suspect it is Cisco based but I would like to have a look at the details, all new information is good information!

Drebo, could you explain a bit more on the "collapsed core architecture"?

Thank you guys
 

alkemyst

No Lifer
Feb 13, 2001
83,967
19
81
You would trunk to a router to route without a layer 3 switch.

OP look up "router on a stick" for configs.

MSTP vs RSTP is practically a religious debate. We mostly use RSTP in real-world deployments. MSTP may be more optimized, but there is a lot more room for error, especially if the customer changes things.
 

drebo

> Drebo, could you explain a bit more on the "collapsed core architecture"?

Collapsed Core basically means that your distribution layer and your core layer are the same layer.

Back in the day, before multilayer switching (layer 3 switches) were common, and you had to rely on routers (which are generally very slow) to traverse from one network to another, your network was set up in three tiers: Core, Distribution, and Access.

Your Access layer is pretty standard...slow switches that connect to access devices, are layer 2 only, and have no knowledge of the rest of the network. They don't route and typically wouldn't have multiple vlans available on them. Way back, these would have been hubs, thus your network segment size would be extremely limited. Switches were just too expensive.

The distribution layer would take care of layer 2 segregation (your VLANs). The Access switches would uplink to the distribution switches with fast links and l2 switching within vlans. You also had throughput concerns on switches.

The core would take care of routing between the various vlans and any other external networks.

With the advent of faster multilayer switches and cheaper switches, the requirement for a separate Core network really went away. When a Layer 3 switch can route packets at line speed, there's no real reason to forward the packets to a separate router to handle that, especially when routers are typically much slower than Layer 3 switches.

So, now you have a merged Core and Distribution layer. Your Collapsed Core connects directly to your access layer. Switch ports are far cheaper than they used to be, so there isn't a capacity concern anymore on the number of ports your core routers have. In your scenario, each of your access switches (the ones that the APs connect to) would connect directly to your Layer 3 switch, in a physical star topology.

With 6 switches, it's not really a big deal, because the furthest hop from one end of the ring to the other is only 6 switches, and it's only 3 switches max to get out of the network itself, if they're in a ring topology that's properly configured and the appropriate root bridge is identified. Now consider 15 switches in that same ring. Now you're looking at a seriously long amount of time to get from one side to the other. With a collapsed core, you're looking at 2 hops, max, to reach any point in the network. It probably is more expensive to deploy and you'll need more fast ports on your L3 switch, but it is the superior topology. Partial meshes can be created, as well, in places where you know that you're going to have a lot of access-to-access switch traffic.

There is importance in your STP design in either archetype, though. You need to make sure that the election of your root bridge is predictable and is a logical choice, and you need to tune your timings so that your network will heal in an appropriate amount of time. A ring of 6 switches is not a bad way to go for your design. It will provide some redundancy and it sounds like all vlans will exist on all switches, so there is a predictable traffic pattern here.
 