Hierarchical model design implementation

NetworkGroover · October 27, 2015, 05:51:18 PM

We shouldn't just be telling you what to do. You shouldn't just take our word for it either. You should explain your thought process and weigh the pros and cons.

Ok, so first, let's talk HQ-to-Branch:

You've got redundancy everywhere, but not at your network edge (the router connecting your HQ to your branch). You'd probably want two routers there unless you're constrained
Right now you're treating all the floors as one big entity from the network perspective. In my opinion this is not good. I don't know how to word this without giving away the answer, but how do you think you could break up those floors into discreet, more manageable networks instead?

TheBigDog · October 27, 2015, 06:02:08 PM

1.There is no constrains on this design.

2.I have used VLSM to spilt up the network for each department to have data and voice.The HQ will have 140 employees with a VOIP phone and desktop spilt across 3 floors. As for the branch it has 2 departments ( one with 236 and the other with 180 employees ) joined together spilt across the 3 floors.

NetworkGroover · October 27, 2015, 06:11:26 PM

Quote from: TheBigDog on October 27, 2015, 06:02:08 PM
1.There is no constrains on this design.

2.I have used VLSM to spilt up the network for each department to have data and voice.The HQ will have 140 employees with a VOIP phone and desktop spilt across 3 floors. As for the branch it has 2 departments ( one with 236 and the other with 180 employees ) joined together spilt across the 3 floors.

1. Ok, so then I'd go with two routers. You don't want any single points of failure.
2. Ok.... that's not what I was going for... how can you PHYSICALLY break out that huge network of three floors into separate, discreet networks that will be easier to manage?

TheBigDog · October 27, 2015, 06:20:33 PM

1: So the second router would just act as an redundant one until the other router failed ...

2:By using a patch panel ? I really think I should know this answer but unfortunately I do not !

NetworkGroover · October 27, 2015, 06:47:23 PM

Quote from: TheBigDog on October 27, 2015, 06:20:33 PM
1: So the second router would just act as an redundant one until the other router failed ...

2:By using a patch panel ? I really think I should know this answer but unfortunately I do not !

1. Yep, or could be active/active depending on configuration (I think - it's been a while)

2. Nope. What if you had enough access switches on floor 2 and 3, and then just ran those access switches to distro switches residing on floor 1 where your servers are? Do you really think you need a pair of distro switches on each floor? How do you determine if they are needed or not?

EDIT - Also what's your reasoning for directly interconnecting all the floors?

TheBigDog · October 27, 2015, 07:05:49 PM

Running the distribution switches on floor 1 to the access switches on floor 2 and 3 does make allot more sense than having 2 distribution switches per individual floor. As it would be a waste of space and money to have an extra 4 running per building.Id imagine a layer 3 48 port switch would be best suited then ?
My reasoning for directly interconnecting all the floors was for redundancy purposes

deanwebb · October 27, 2015, 07:22:47 PM

Having a single distribution switch pair for the whole building, however, allows you to have redundancy with less hardware. As it says in my sig, accounting is architecture. You would want to have the most cost-effective solution for this network.

that1guy15 · October 27, 2015, 09:45:28 PM

nah dude you are doing good. Most people just want answers without trying.

Glance through what everyone has suggested, then look over your topology and run link by link and kill each one and see what will happen to the rest of the topology.

Then based on your restrictions, interconnect everything in a way that makes sense.

NetworkGroover · October 28, 2015, 11:24:17 AM

Quote from: TheBigDog on October 27, 2015, 07:05:49 PM
Running the distribution switches on floor 1 to the access switches on floor 2 and 3 does make allot more sense than having 2 distribution switches per individual floor. As it would be a waste of space and money to have an extra 4 running per building.Id imagine a layer 3 48 port switch would be best suited then ?
My reasoning for directly interconnecting all the floors was for redundancy purposes

Wow, this conversation is good for me because it's highlighting just how much I've forgotten about campus... Well, most folks IIRC run their access switches as L2. The default gateway for your hosts/servers are usually on your distros provided by a First Hop Redundancy Protocol (FHRP) like VRRP or HSRP (Not many people really use GLBP to my knowledge).

Redundancy is good, but another thing you need to think about is failure domains. Let's say you had all switches on all floors connected to each other. You allow all VLANs to be trunked between all switches. Now let's say you have a broadcast storm on a particular VLAN on floor 1. What happens to the rest of the network? You want to compartmentalize/minimize your failure domains whenever possible.

Full mesh in that scenario in my opinion is bad for a couple reasons. STP churn being one. Creating a gigantic failure domain is another. Rapidly wasting and running out of ports whenever you add a new switch is another because you're eating up so many ports on inter-switch connections. Trying to understand traffic flow and just general management would be yet another. Redundancy is good, but only where it makes sense. Redundancy should be used to "C.Y.A.", but NOT introduce a ton of complexity or add risk. You want redundancy for high availability, but you still want your network to operate in a largely deterministic fashion.

NetworkGroover · October 28, 2015, 11:26:22 AM

As a fun exercise, use the formula for full mesh to see how many interswitch connections you would need for that network you provided the diagram for.

The formula is n x (n-1)/2 where n is the number of switches. Then recalculate it after adding a new switch.

Reference: https://johnmcmanus7742.wordpress.com/2009/01/22/calculate-full-mesh/

TheBigDog · October 28, 2015, 02:30:26 PM

Thanks for the feedback fellas very much appreciated.

deanwebb · October 28, 2015, 02:57:03 PM

Quote from: TheBigDog on October 28, 2015, 02:30:26 PM
Thanks for the feedback fellas very much appreciated.

Thanks for giving good questions and thoughtful responses. We are here to help anyone that is here to learn!

NetworkGroover · October 28, 2015, 07:33:28 PM

Quote from: deanwebb on October 28, 2015, 02:57:03 PM
Quote from: TheBigDog on October 28, 2015, 02:30:26 PM
Thanks for the feedback fellas very much appreciated.

Thanks for giving good questions and thoughtful responses. We are here to help anyone that is here to learn!

+1