
Is the Distribution Layer Still Needed?

Cliff posted more than 9 years ago | from the it's-a-cisco-thang dept.

Networking 72

arnie_apesacrappin wonders: "I'm in the process of designing the network for a new building in what I would consider a small to medium sized company. It is on the scale of tens of access layer switches, not hundreds. There is a ongoing argument about the need for a distribution layer. My position is that with today's layer 2/3 switches in the core, the distribution layer is outdated for a network of this size. The layer 2/3 core can provide all the aggregation services of the old distribution layer and the routing/filtering functionality of the core with better price and performance. My opponents can only argue that having a distribution layer is the standard. So, are there good reasons for having a distribution layer in a small to medium network? If you were going to argue against the distribution layer, what points would you make?"


72 comments


Glad you don't work here. (2, Insightful)

grub (11606) | more than 9 years ago | (#12154169)


Quit trying to be clever. Proper use of L3 equipment around the LAN and judicious use of VLANs is smart. Current equipment will let you design in redundencies for failed hardware so trying to aggregate all your networking smarts to a central point of failure is not cool. Frankly it sounds like you're trying to impress management without thinking of the ramifications.

Re:Glad you don't work here. (2, Funny)

Anonymous Coward | more than 9 years ago | (#12154216)

haha "Flamebait"? you must have pissed off an MCSE with mod points.

Re:Glad you don't work here. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12155484)

And quit spelling "redundancies" with an extra "e". Are you trying to be clever without thinking of the ramifications?

What? (4, Funny)

Bootle (816136) | more than 9 years ago | (#12154210)

All your technical mumbo jumbo is leaving me bamboozilified. Could ya tone it down a tad?

Re:What? (2, Funny)

Anonymous Coward | more than 9 years ago | (#12159091)

Mr. President, what have we told you about posting on Slashdot?

Isn't that what P2P os for? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12154287)

Can't you just use P2P to distribute content? Or just outsource it or something?

It can be done. (3, Interesting)

FreeLinux (555387) | more than 9 years ago | (#12154288)

Removing the distribution layer is perfectly possible. The main requirement though, is having sufficient processing power and redundancy on the core to handle the access layer's connections.

Basically, if you eliminate distribution, you have to have a lot more processing power and lots more ports in the core. Depending on the network's size and distribution it will probably be more costly to build such a robust core. Also, don't forget that this thing is certain to grow. Can it scale easily and cost effectively with the more robust core? There will come a point that it will not scale effectively and the distribution layer will have to be introduced.

Re:It can be done. (5, Insightful)

Kaamoss (872616) | more than 9 years ago | (#12154334)

That's the real key, if the network can't be scalable then you're not setting yourself up to do further work for the company. When you give someone a solution it should have the ability to grow with them. In the end it's almost always cheaper to go with the more complete solution than the simple one.

Re:It can be done. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12154464)

Smaller layer 3 devices around the LAN allows for more scalability than a central beast.

Re:It can be done. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12155681)

...and less total cost on the cisco P.O.

Spoken like a true CCNA (5, Insightful)

Schezar (249629) | more than 9 years ago | (#12154420)

The very concept was never spoken of at university (Rochester Institute of Technology), nor has it ever come up in work (IBM).

Those three "layers" are abstractions, nothing more. The "distribution" layer is simply a term for traffic shaping and optimization. It's very useful in eliminating excess resource use on beleagured routers. Eliminating the layer is nothing more than simplifying your backbone architecture. There is no "layer" to eliminate except the theoretical one.

It always amazes me how Cisco-certified (not making any accusations here) network techs speak an entirely different language from university-educated ones. They talk about Cisco-specific concepts like they're set in stone universally, and use Cisco jargon for common and/or basic concepts.

There are other options besides Cisco, and not every network fits within the nomenclature of Cisco Jargon. You'd do yourself an immense favour to learn more about generic architecture concepts.

I don't want to sound mean, but a Cisco cert is about as useful as an MSCE.

Re:Spoken like a true CCNA (1)

zerkon (838861) | more than 9 years ago | (#12155151)

heh i go there, and well spoken...

Re:Spoken like a true CCNA (0)

Anonymous Coward | more than 9 years ago | (#12160367)

"miserable failure" [michaelmoore.com]

Not too bright. Sigs are not indexed by Google. Poor attempt at a Googlebomb. Voted for Bush didn't you?

Re:Spoken like a true CCNA (1)

zerkon (838861) | more than 9 years ago | (#12162718)

ya i know, but was hoping someone would think its funny and put it on their site...

and its not a matter of who i voted for, i just think moore is a putz

Re:Spoken like a true CCNA (2, Insightful)

brunson (91995) | more than 9 years ago | (#12155195)

I love the fact that the very next posting after this one starts with "To preface, I am a CCIE, so I know a little about these things."

To the CCIE's defense, he gave a balanced and reasoned opinion that was not rife with Cisco jargon.

I, on the other hand, find it interesting to talk to university educated CS majors (I graduated with a BA in Math, but have worked as an SA and programmer for 17 years) who use lingo (especially pattern nomenclature) and discuss concepts (stateless session beans, oooooooooh) on a level that makes it clear that they a) have never written code in the real world and b) don't have a clue about the mechanics of how things actually work (what do you mean I can telnet to an SMTP port and send mail)?

Re:Spoken like a true CCNA (3, Interesting)

benjamindees (441808) | more than 9 years ago | (#12156528)

I've had experiences that negate both of these presuppositions. At the small University where I went, I literally watched the ethernet equipment being installed. I then used it to do most of my assignments via a remote X session to the lab computers, from my dorm room. Professors looked at me dumbfounded when I told them why I wasn't attending labs any more. They wondered what I had "hacked" in order to be able to do that.

When I applied for a job at the same University as Network-something-or-another years later, they wanted someone with Cisco certs. I'm not sure if they even had more than a couple of pieces of Cisco equipment. I wrote a nice cover letter detailing my experience, and how it was not Cisco-specific, but was isomorphic to Cisco-specific concepts. I assumed that they, working for a *University*, would understand the difference between branded jargon and universal concepts. I made a point to ask for quite a bit less than what any self-respecting Cisco certified tech would ask for. I made it clear that I was a quick learner and quite flexible in my capabilities. What I got was a call back asking if I had a Cisco cert :)

On the other hand, though, try asking a professor how encryption works someday. You'll get a basic explanation of how data can be represented as ones and zeros, and by adding a key, you can obfuscate the message, and the receiver can subtract the key to get the original back. Anyone with a tenth grade education can understand that. Hell, most tenth graders could *implement* that. Now, I defy anyone to explain to the average person how to implement this simple concept with, say, OpenSSL, without using a lot of buzzword-laden crap.

There are idiots who know nothing but repeating technical jargon almost everywhere nowadays.

Re:Spoken like a true CCNA (1)

Suhas (232056) | more than 9 years ago | (#12161551)

Thank for articulating what frustrates me day in and day out.

Re:Spoken like a true CCNA (2, Interesting)

WgT2 (591074) | more than 9 years ago | (#12162988)


I love the irony you bring to light about university settings.

One would think those working for and under university level expectations, and job applications requiring EVERY-SINGLE-JOB-YOU-EVER-HAD to be listed with it, to be somewhat on the ball about how to do things, at least efficiently.

But, no.

What is often forgotten is that universities are rarely anything less than bureaucracies. Therefore you, as I and my classmates, might get a "Unix Administrator" who is unaware of the web interface to their server's email service (squirrelmail) and instead gives a crash course on Pine to a group of mostly Windows-raised neophytes without giving them the basic, yet amazingly helpful, courtesy tip on using "tab completion" on BASH's command line! (That last point would make a good interview question or grounds for dismissal, in my book, for an 'Admin' titled position.)

I guess the ultimate irony is that the skills universities 'intend' to teach are actually the ones that, hopefully for me, helped the very people who implemented such things as 'tab completion' and using telnet to port 25 to send email. So, all is not lost for attending such institutions. It's the bureaucracy on the backend that slows 'em down.

Re:Spoken like a true CCNA (2, Informative)

dpilot (134227) | more than 9 years ago | (#12155206)

Is the real purpose of the "Distribution Layer" to distribute revenue to Cisco?

Reading TFA and the other posts, I can see the point of reaching for that degree of networking control in a big enterprise. At the other end of the scale - the home LAN level, network bandwidth is practically where nuclear-generated electricity once promised to be - too cheap to measure. I went from 10Mb to 100Mb because it was cheap and available, not because of need, and any future migrations will likely be the same.

You're obviously in the middle, between the home LAN and the big enterprise. I suspect the degree of network control you need depends more on your usage than simply the size of your network. For instance, do you have automated tools that periodically dump a Gig of data to a fileserver? Do you feel it necessary to detect and/or prohibit employee net activity? Do you have multiple sites, or other circumstances that form weak links that need extra control? How is your backup architected, and does that constitute a weak link in the network? Or your fileservers, for that matter?

Finally can you just deploy the architecture you're proposing, but make sure the equipment you buy can fit into a 3-layer with a little reconfiguration. That may become necessary as the company grows, too.

Try prune juice! (0)

Anonymous Coward | more than 9 years ago | (#12155333)

It seems that the sour grapes have caused you a great deal of discomfort. Perhaps, the laxative effect of prune juice would relieve your discomfort.

Re:Spoken like a true CCNA (0)

Anonymous Coward | more than 9 years ago | (#12155526)

It always amazes me how university certified (not making any accusations here) people speak an entirely different language from other people. They talk about concepts like they're set in stone universally, and use jargon for common and/or basic concepts.

Jesus, do you go to sleep with your diploma, cult-boy?

Re:Spoken like a true CCNA (2, Funny)

NoMoreNicksLeft (516230) | more than 9 years ago | (#12155962)

Yeh, but did your fancy university classes teach you how to route appletalk with EIGRP? Huh? Huh? Did you learn how to bridge CDP across legacy switches? Did you even learn why open standards like OSPF may not be the best choice in a modern high-powered network, you savage? I think not.

Re:Spoken like a true CCNA (2, Insightful)

prof.morbius (871660) | more than 9 years ago | (#12157240)

I think you're underrating the value of a CCNA, but you're right that the program doesn't present alternatives and uses different terminology than the Real World. That's what bugged me about it while I was taking the program; the education was OK, the indoctrination was a pain. Of course, the real problem is folks who (like those the original poster is arguing against) accept the Cisco Gospel at the expense of actual needs analysis.

Absurd! (2, Funny)

wonkavader (605434) | more than 9 years ago | (#12158317)

Nothing could be more useless than an MSCE.

Re:Absurd! (1)

Harassed (166366) | more than 9 years ago | (#12166083)

Jeez, where does that leave me? I've got two MCSEs

Re:Absurd! (1)

sharkey (16670) | more than 9 years ago | (#12171567)

What about the male nipple?

Re:Spoken like a true CCNA (1)

tedgyz (515156) | more than 9 years ago | (#12165893)

The very concept was never spoken of at university (Rochester Institute of Technology), nor has it ever come up in work (IBM).
...


Thank [insert-deity-here] someone cleared this up for me. I thought I was well-versed in networking, but this article left me wondering what classes or books I missed. Now the answer is clear - Cisco. I make it a point to never attach myself to a brand-centric technology or concept.

Again, thank you.

You don't need it (4, Informative)

Anonymous Coward | more than 9 years ago | (#12154467)

To preface, I am a CCIE, so I know a little about these things.

You are correct that the layer 3 switches offer a different perspective on how networks can be drawn today.

It used to be that big switches would sit in the computer room, with clunky slow routers sitting on top of them, acting as Routers-On-a-Stick, with some sort of trunk connecting them to the core switch.

I think the easiest design that will give you the most benefit would be to just trunk a link to whatever closet, and use a cheap layer 3 switch (perhaps Extreme or a similar variety) in the data closet, for end user hookups.

Have gateways set up on the switch, use a default route pointing back to the core, and divide up the ports to whatever VLANs you ported over--I prefer to have a management VLAN and a few ports set up for that, maybe an extra one for SPAN/Mirroring if necessary.

The end user traffic would likely never be routed until it reached the core, unless you'd like to trunk the core traffic over to the closet. Then the access layer switch could route to the core subnet if necessary and save the core switch(es) the effort of doing such routing. If you have a small business, it wouldn't make much difference either way--many chassis based layer 3 switches do 64Gb per second routing with their fabric, and it is unlikely anyone would notice a delay from the routing in the closet or in the core.

Again, it depends on how you want it to look and how you want trouble shooting to be. But you are absolutely correct--a distribution layer is no longer necessary. I would consider it, really, to be the Core/Distribution and then Access Layers, or the Core and Distribution/Access Layers.

You still are using the concept of the distribution layer, but it has merged with another layer, depending on your design.

Oh, and don't forget about spanning tree :) You still need that.

No clear choice. (2, Informative)

redelm (54142) | more than 9 years ago | (#12154548)

Yes, with a fully switched network the major driver for a distribution layer (traffic congestion & collision domain size) has gone away. However, other reasons like expandability, damage isolation and traffic isolation still remain. For a price. Pick your poison.

KISS (1)

bluedream (676879) | more than 9 years ago | (#12154712)

Some people seem to have to make networks overly complicated but in most enterprises, a simple and clean architecture is the best policy.

It basically comes down to switching at the core and routing at the edge. No need for all the jargon.

Re:KISS (1)

Dr. Evil (3501) | more than 9 years ago | (#12165565)

Enterprises have problems where developers need to operate in the same offices as finance or sales. The needs of the groups are very different (e.g. developers need simulated development environments which won't take out accounting, accounting needs very limited and controlled access to very special systems... ) and any one of the employees may be operating off-site through a VPN or shifting sites daily.

Moving the employees around the network hardware isn't acceptable anymore. The network needs to be flexible enough to contain one team's disaster.

Problems with one boob plugging in a machine with a static IP of a router or accidentally firing up a DHCP server are also unacceptable these days.

Depends on the size of the network (1)

jermz (6352) | more than 9 years ago | (#12154792)

From your description, I would say that eliminating a separate distribution layer would be just fine. A central layer-3 switch with enough ports to service all the users and infrastructure would be adequate for your network in most cases. You probably will end up with a distribution layer of sorts anyway as people put 4 and 8 port switches on desks for various reasons.


Speaking from the $$$ side, it looks like you have priced out both options and the core-only network would be cheaper. In that case, more power to you. Have you factored in the cost of long cable runs from the core out to the farthest reaches of the building? If it is a larger building, you could save on cabling by putting distribution switches out in the work areas and cabling a single Gig-E run back to the core.


You are talking in the tens of distribution switches, so I can assume 200-500 total ports. That's a big piece of switch gear to support that number of ports. In the case of 20-100 ports, I personally would be looking at core-only. In the case of 200-500 ports, I would look at distribution-layer solutions if only for a reduction in the tendency for high-density switches to turn into a rat's nest quickly. Even if you centrally locate the distribution switches, a stack of 48 port switches with wire management in between them will be easier to manage from a cabling maintenance viewpoint.

Layer 3 Switch? (1, Interesting)

adamjaskie (310474) | more than 9 years ago | (#12154824)

The fuck is a layer 3 switch? I keep hearing this term. I was taught that hubs work on Layer 1 (physical), switches on Layer 2 (data link layer - i.e. dealing with MAC addresses) and routers on Layer 3 (network - i.e. dealing with IP addresses). Is "Layer 3 Switch" just cisco for what everyone else calls a "Router"?

Re:Layer 3 Switch? (3, Informative)

Lars T. (470328) | more than 9 years ago | (#12155114)

Layer 2 and Layer 3 Switch Evolution - Volume 1, Issue 2, September 1998 [cisco.com]
Layer 3 switching is a relatively new term, which has been "extended" by numerous vendors to describe their products. For example, one school uses this term to describe fast IP routing via hardware, while another school uses it to describe Multi Protocol Over ATM (MPOA). For the purpose of this discussion, Layer 3 switches are superfast routers that do Layer 3 forwarding in hardware. In this article, we will mainly discuss Layer 3 switching in the context of fast IP routing, with a brief discussion of the other areas of application.

Re:Layer 3 Switch? (1)

Nos. (179609) | more than 9 years ago | (#12155198)

Google turned up an answer in less time than it took to type your question. Basically, yes a layer 3 switch will route packets based on IP addresses. Apparently there are layer 4 switches as well (think protocols like HTTP, FTP, SMTP, etc)

Re:Layer 3 Switch? (1, Insightful)

rf600r (236081) | more than 9 years ago | (#12155611)

I was taught that hubs work on Layer 1 (physical), switches on Layer 2 (data link layer - i.e. dealing with MAC addresses) and...

You were taught incorrectly, or, perhaps a more plausible possibility is that you learned incorrectly. Ethernet hubs and switches are both Layer 2 devices. Your best bet is to read /. for a while and resist posting. You may learn something from this very thread.

Re:Layer 3 Switch? (1)

ADRA (37398) | more than 9 years ago | (#12156157)

I thought that Hubs were L1 devices, but only when they don't have multiple speeds. Eg. If I have a 100BT hub that only runs at 100BT, then it's a true hub and would be an L1 broadcast style route.

I fully agree though that when dealing with hubs that are for instance 10/100BT then they are forced to consider how to slot in each request between backplanes. The 10 devices work as a single hub, and the 100 devices work as another hub. There is also switching logic which bridges the two together. Usually the uplink port will receive all traffic regardless of which speed it's linked on.

Re:Layer 3 Switch? (0)

Anonymous Coward | more than 9 years ago | (#12156311)

> I thought that Hubs were L1 devices, but only when they don't have multiple speeds. Eg. If I have a 100BT hub that only runs at 100BT, then its a true hub and would be an L1 broadcast style route.

Hubs buffer and rebroadcast a single frame, making them layer 2 devices (albeit really dumb ones). You can't simply glom the wires together, that only works for coax. The only real L1 device is a wire (or antenna).

Re:Layer 3 Switch? (0)

Anonymous Coward | more than 9 years ago | (#12159039)

No, hubs don't buffer frames. You can tell, because with hubs there are collisions. Hubs really are collapsed busses with amplification logic.

Re:Layer 3 Switch? (1)

adamjaskie (310474) | more than 9 years ago | (#12156262)

A hub is most certainly NOT a layer 2 device. All a hub does is re-transmit the data across multiple ports. It doesn't even look at the data. A switch actually looks at the frames, and sends them to only the port that needs it. I do not know where this would fit in with dual-speed hubs, however.

Re:Layer 3 Switch? (1)

lscoughlin (71054) | more than 9 years ago | (#12157901)

Dual speed hubs are sort of a lie.

They operate at the speed of the slowest connected device.

So, let's say ( for some bizarre reason ) you have a 10/100/1000 multi-speed hub.

If you plug a 10mb device in, all ports run at 10mb.

Since it's rebroadcast across all channels, there is no way to do "buffering" of a 10mb port usually.... which is what a multi-speed switch will "usually" do.

buffer, or slow connections across any set of ports talking slower.

Re:Layer 3 Switch? (1)

Myrcurial (26138) | more than 9 years ago | (#12169093)

Actually, the more common implementation is that of a 2 port switch, where any of the physical ports are dynamically assigned to either the highspeed or lowspeed side of a 2 port switch to handle the buffering.

Sheesh.

Re:Layer 3 Switch? (1)

decep (137319) | more than 9 years ago | (#12160343)

The only thing anybody should ever learn from reading posts on Slashdot is that almost nobody actually knows what they are talking about.

Read mine; that's all the proof you'll need.

Re:Layer 3 Switch? (2, Informative)

Zapman (2662) | more than 9 years ago | (#12156376)

You are sort of right. A 'router' is capable of working with multiple subnets, but traditionally, only has a few interfaces. A 'switch' (or hub) is traditionally only able to deal with 1 subnet, but has lots of 'interfaces' (ports).

Switches have grown up, since the advent of VLAN's, they've been able to 'route' between vlans, and have expanded to OSPF, and other high end routing protocols, while keeping the port count. These higher end switches don't usually have WAN ports (T1, T3 type), or the ability to do super high end routing (OC-16, OC-192, Terabit), which is why Cisco and Juniper still sell routers. The two terms have become quite unclear over the past decade.

Re:Layer 3 Switch? (1)

mink (266117) | more than 9 years ago | (#12167225)

What is the point of VLAN?
I have never found a need to set that on my switch, and every place I have even been that uses them all it does is get in the way of proper installation of HACMP clusters.

Re:Layer 3 Switch? (1)

Zapman (2662) | more than 9 years ago | (#12168937)

> What is the point of a VLAN?

If you are utilizing chassis level switches, you'll run into them. The point is to have different IP subnets on the same 'switch', and have the switch route appropriately (or not as needed by the network design... without the routing piece, a host on VLAN 1 can't see a host on VLAN 2. That might be how you want it.)

If you have a chassis with 8 blades of 48 ports each, it's unlikely that you want all of them to be on the same subnet, so you have VLAN's.

Re:Layer 3 Switch? (1)

drsmithy (35869) | more than 9 years ago | (#12172929)

What is the point of VLAN?

The advantages of multiple physical networks without the disadvantage of having to physically install multiple physical networks.

Note that if you're not in an environment where multiple physical networks would not be an advantage (or even a consideration) VLANs are probably not of interest to you.

Re:Layer 3 Switch? (1)

benjamindees (441808) | more than 9 years ago | (#12156655)

Yes, it's technically a router, but has lots of ports, like a switch. It's useful for doing QoS at the IP layer instead of the MAC layer, without having to translate between the two at the endpoints (workstations), which typically have crappy support for MAC layer QoS.

That is a bridge on layer 2 (1)

bluGill (862) | more than 9 years ago | (#12156767)

You were taught wrong. A bridge is a device that routes on layer 2.

A switch is a device that does the operations in hardware as opposed to software. Generally a switch will run on layer 2 because it is much easier to put the layer 2 protocols in hardware, but sometimes they will work in layer 3. (actually most layer 3 switches are a combination, doing the common tasks in hardware, but things less common in slower software)

Unless specified otherwise, most switches today operate on layer 2, so nobody uses the term bridge to refer to a switch on layer 2. Historically nobody ever used the term layer 2 switch, but sometimes layer 3 switches were referred to without using the term bridge.

Re:That is a bridge on layer 2 (1)

bluGill (862) | more than 9 years ago | (#12156843)

I should mention that most layer-2 switches do not have the spanning tree stuff that bridges have, so they are not the same thing. A switch is a smart hub, in that it doesn't send traffic to everyone, but it isn't smart enough to find loops in the network and deal with them. Now that networks run only routeable IP this isn't a big deal. Back when the transition from bridges to switches was made, was the tail end of the time when your network was likely to run some protocol that wasn't router friendly, so you had to find some layer 2 redundancy, while with routable protocols you put your redundancy on layer 3. (layer 3 does a much better job of using redundancy)

Re:That is a bridge on layer 2 (1)

Dr. Evil (3501) | more than 9 years ago | (#12168566)

"Route" is a special term which applies only to layer 3 protocols.

Software/hardware doesn't matter.

A bridge was an older piece of hardware designed to connect two broadcast domains, useful for nasty protocols like NetBEUI.

A switch was a multiport bridge. the MAC tables in modern switches are quite capable of bridging. I've been told that older switches had very limited MAC tables so the distinction between a bridge with two ports and a huge MAC table v.s. a switch with a huge number of ports and a small MAC table was meaningful for a brief period of time. I haven't heard of anyone speak of bridges in years.

A switch operates at layer2. A layer3 switch operates at layer 2 and 3. A router operates at layer 3.

So a switch can do stuff like mask people's frames from one another, create VLANs to restrict broadcast domains. Layer 2 decisions based on Layer 2 information.

A router can do stuff like forward packets to its various interfaces based on rules in routing tables (built statically or with various routing protocols). Nothing special, just routing.

A layer 3 switch can do stuff like spot a BOOTP offer (layer 3) and block the machine based on its MAC (layer 2), spot a duplicate IP and do the same. Layer 2 decisions based on layer 3 information.

I'm not sure what additional stuff L3 switches can do these days.

L4 & L7 switches (isn't TCP/IP DoD, not OSI?) can make decisions and modify information higher in the protocol stack.

But a L3 switch is certainly not a router. It can route, but then you're not using it as an L3 switch, you're using it as a router.
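The "layer 2 decision based on layer 3 information" case above (blocking a host's MAC after it sends a rogue DHCP/BOOTP offer, the same accident the "accidentally firing up a DHCP server" comment earlier in the thread describes) as an added, stand-alone example; it is not code from the original thread or from any vendor. The frames, port names and trusted-port set are constructed for the demonstration, and the inspection logic is a simplified model of what switches commonly call DHCP snooping.

```python
"""Rogue DHCP offer detection at the access port (constructed example)."""
import struct
from dataclasses import dataclass, field

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_SERVER_PORT = 67
BOOTP_REPLY = 2                      # BOOTP 'op': 1 = request, 2 = reply
DHCP_MAGIC = b"\x63\x82\x53\x63"     # marks the start of DHCP options
DHCP_OPT_MSG_TYPE = 53
DHCP_OFFER = 2


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame; checksums left zero (not inspected)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64,
                     IPPROTO_UDP, 0, src_ip, dst_ip)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return eth + ip + udp + payload


def build_bootp(op, client_mac, yiaddr, msg_type):
    """Minimal BOOTP payload carrying only the DHCP message-type option."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s", op, 1, 6, 0, 0x1234, 0, 0,
                        b"\0" * 4, yiaddr, b"\0" * 4, b"\0" * 4)
    fixed += client_mac + b"\0" * 10 + b"\0" * 64 + b"\0" * 128  # chaddr/sname/file
    return fixed + DHCP_MAGIC + bytes([DHCP_OPT_MSG_TYPE, 1, msg_type, 255])


def parse_dhcp(frame):
    """Return (src_mac, bootp_op, udp_sport, dhcp_msg_type) or None if not DHCP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    if frame[23] != IPPROTO_UDP:
        return None
    udp_off = 14 + (frame[14] & 0x0F) * 4
    sport = struct.unpack("!H", frame[udp_off:udp_off + 2])[0]
    bootp = frame[udp_off + 8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return None
    msg_type, opts, i = None, bootp[240:], 0
    while i < len(opts) and opts[i] != 255:          # walk TLV options to 'end'
        if opts[i] == 0:                             # pad option has no length
            i += 1
            continue
        length = opts[i + 1]
        if opts[i] == DHCP_OPT_MSG_TYPE and length == 1:
            msg_type = opts[i + 2]
        i += 2 + length
    return frame[6:12], bootp[0], sport, msg_type


@dataclass
class SnoopingSwitch:
    trusted_ports: set                       # ports allowed to carry server replies
    blocked_macs: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def ingress(self, port, frame):
        """Decide 'forward' or 'drop' for a frame arriving on an access port."""
        if frame[6:12] in self.blocked_macs:
            return "drop"                            # layer 2 enforcement
        info = parse_dhcp(frame)
        if info is None or port in self.trusted_ports:
            return "forward"
        src_mac, op, sport, msg_type = info
        # Server-side DHCP traffic from an untrusted port: a rogue server.
        if op == BOOTP_REPLY or sport == DHCP_SERVER_PORT or msg_type == DHCP_OFFER:
            self.blocked_macs.add(src_mac)           # layer 3 evidence, layer 2 action
            self.alerts.append(f"rogue DHCP server {src_mac.hex(':')} on {port}")
            return "drop"
        return "forward"


def demo():
    """Run four constructed frames through the switch; returns (decisions, switch)."""
    sw = SnoopingSwitch(trusted_ports={"gi0/1"})    # gi0/1 = uplink to real server
    real_srv, rogue, client = (bytes.fromhex(h) for h in
                               ("001122334455", "deadbeef0001", "0a0b0c0d0e0f"))
    bcast, any_ip = b"\xff" * 6, bytes([255, 255, 255, 255])
    offer = build_bootp(BOOTP_REPLY, client, bytes([10, 0, 0, 50]), DHCP_OFFER)
    discover = build_bootp(1, client, b"\0" * 4, 1)
    decisions = [
        sw.ingress("gi0/1", build_frame(real_srv, bcast, bytes([10, 0, 0, 1]), any_ip, 67, 68, offer)),
        sw.ingress("gi0/7", build_frame(rogue, bcast, bytes([10, 0, 0, 99]), any_ip, 67, 68, offer)),
        sw.ingress("gi0/3", build_frame(client, bcast, b"\0" * 4, any_ip, 68, 67, discover)),
        sw.ingress("gi0/7", build_frame(rogue, client, bytes([10, 0, 0, 99]), bytes([10, 0, 0, 50]), 80, 40000, b"hi")),
    ]
    return decisions, sw


if __name__ == "__main__":
    print(demo())
```

The fourth frame is ordinary traffic from the rogue host, dropped only because its MAC was blocked by the earlier offer.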

It's usually not needed in a network of that size (5, Informative)

jsailor (255868) | more than 9 years ago | (#12154929)

You didn't state the size of your network other than to say small-to-mid size, but most small to mid-size networks can run fine without a distribution layer. You're also correct that it is an artifact of 1996-1999 switching technology limitations and large vendor propaganda that sells ports. You need to be careful about:

1. how you link your merged core/distribution switches: if your access uplinks are layer 2, you then have to span VLANs across core/distribution switches. If you plan on having your access switches perform layer 3 routing look into the costs your vendor may charge for that functionality. Some charge as much as $10,000 for the license.

2. Be careful how you grow your VLANs and spanning trees. Definitely use per-VLAN spanning trees. Also seriously consider rapid spanning tree or vendor specific hacks (uplinkfast, backbone fast, etc.)

3. Use server access switches. Seriously consider redundant control processors in these.

4. Seriously consider redundant control and switch fabrics for the core/distribution switches. In the three-layer model, this was not as much of a requirement. Also seriously consider the failover time associated with the redundancy you bought. Times range from stateful/1 second failover to 90 second reboots to the redundant processor.

5. If you do layer 3 routing at the access layer be very careful with your routing protocol design and avoid black-holes. Run through all failure scenarios and make sure you're covered.

6. Consider where you want to perform filtering for security, QoS, etc. By eliminating the distribution layer, you're forcing this to the access layer. (arguably it belongs there, but think about how many places you'll be configuring and monitoring)

7. Most importantly, consider the costs after you've considered the above. You may find out that you're not saving much. Most of my clients do save, but some find out that after they've added redundancy and possibly upgraded switch models they are close to the same cost.

8. Consider your support group. What are they used to? Can they adapt? Can they handle the added functionality that's been pushed to the core or access switches?

Again, I have clients with 1500 nodes running fine with a combined core/distribution. I also have clients with 200 nodes that mandated three layers. IMHO the break point is somewhere around 1000-1500. As always every place is different, be careful, plan and you'll be fine.

Re:It's usually not needed in a network of that si (2, Informative)

CounterZer0 (199086) | more than 9 years ago | (#12156769)

I think the key reason to have that middle layer is for scalability these days.
Buying 15 smaller switches, and collapsing/trunking 200 switches onto 15/30 Gig/10Gig uplinks to a core means my core only needs 15/30 ports, instead of 200+. Sure, you don't *need* it, if you can afford the port density of that size on your core, but any decent sized network is going to be pressed for that kind of cash :)
It's significantly cheaper/easier to provide redundancy for 30 GigE ports than it is to provide redundancy for 150 GigE ports (both in cost and wiring complexity...).
But, if you've only got 15 switches, I'd just forgo the distribution layer, as it'd be cheaper and easier for you to manage a single core (or maybe 2) with a single 15 port GigE blade or something than to setup proper distribution switch layers.

But, as you grow, definitely make sure you investigate it - most of my sites have 3-4 distribution switches, serving 8-10 access switches each, but I've got one site where the previous designer decided a distribution layer was unnecessary. He left me with 83!!! GigE fiber ports terminated on 2 core chassis ('cause the vendor didn't sell anything with 83 GigE ports in one chassis... that should have been a warning sign). So, when I want to upgrade that site's equipment, I'm kind of up a creek with no paddle, as it's INCREDIBLY disruptive and hard to move all that fiber, etc.

So, like the parent said, 'it depends', and make sure you are planning for realistic growth over 4-5 year period (at least)...

Think in terms of scalability (1)

duffbeer703 (177751) | more than 9 years ago | (#12155015)

Think about what you'll need tomorrow, or three-five years from now. Then think about whether you'll be able to scale your design without rebuilding...

A lot of vendor-supplied designs are made assuming that you are going to grow exponentially... which may or may not be your case.

Depends on how you define "distribution layer" (4, Interesting)

dtfinch (661405) | more than 9 years ago | (#12156167)

We just have a stack of 24 port gigabit switches. 4 ports on each switch is set up as a trunk to connect them together, effectively turning them into one giant, fast, very cheap gigabit switch. Looking at the Cisco diagram, this might be considered our distribution layer.

We normally have one port on the switches for each system, with the exception that in some locations we have smaller switches to allow them to share a line, so that we don't have to rewire the building. We also use some smaller switches as repeaters to parts of the building too far away to connect directly to the central switches. Those small switches outside of the server room, along with all our servers and systems, might be considered our access layer.

Then we have a tiny linksys router, intended for home use, connecting the entire building to the internet. I know, it sounds scary, and unprofessional, but it seems plenty capable of filling the bandwidth of a T1 and tracking as many simultaneous tcp connections as we use. We'll consider replacing it at the first sign of trouble. I guess this is our core layer.

I suppose that whatever you use at the top level to connect your systems to create a single network can be called your distribution layer. The switches may get cheaper over the years, but it's the same thing. If you just have a chain of 8 port switches running around the building, then your distribution layer is a bunch of 8 port switches.

However you design your distribution and access layers, your main goals should probably be to minimize line problems (mostly due to distance) and avoid bottlenecks. You seem concerned about price, so if you decide to use 100mbit switches to keep the price down, I recommend that you get the kind that have gigabit uplinks and plug them into a gigabit switch, and plug your servers into the gigabit switch as well. Otherwise, your effective bandwidth will be 100mbit total rather than 100mbit per user.

I've designed just such a thing (4, Informative)

Jjeff1 (636051) | more than 9 years ago | (#12156266)

For a school, they have 5 buildings on a campus. Within each building was 1 to 5 wiring closets. A total of 900 ports or so. Their requirements were simple, they wanted speed, multicast support, and some access control between VLANs. IP only.

I'm a consultant and work with hardware from just about anyone, so it makes no difference who they bought. We were hired to design a network for this school using various vendors equipment. Primarily to compare costs.

In the end, they went with a solution from HP. A single 5300xl in each building connected to a bunch of 48 port edge switches in each closet. Their server room has a 5300xl with a couple Gig blades and a second 48 port Gigabit switch.

What really decided the issue was cost. They didn't need support for all the assorted protocols and features you get with cisco, and they didn't want to pay for it. With cisco, you had a 6500 series monster in the datacenter, then a distribution switch in each building, and a bunch of edge switches.

The HP solution was well under a third of the cost of the cisco solution, also free lifetime next day replacement warranty on hardware. For the money they saved, they can afford to have a shelf full of spares, including a spare core switch.

Personally, instead of looking at what model you want to use, look at what you need your network to do, then talk to your preferred vendors and see who can do it at the best price point.

No, it's still needed (1)

bolix (201977) | more than 9 years ago | (#12156306)

As we regress to the Network is the Computer model (aka the network is a mainframe with intelligent terminals and completely virtualized services), the distribution layer becomes more and more important.

Aside from the benefit of building the physical layout to represent (as much as possible) the hierarchical virtual topography in aiding troubleshooting, the Cisco Campus/DS layered design allows for the layering of services without having to swap out switches e.g. bringing routing to the switch port isn't going to help with efficiently positioning a Storage Virtualization Controller, VoIP, IPTV, Meta-Identity servers etc.

Re:No, it's still needed (1)

bolix (201977) | more than 9 years ago | (#12156511)

Note: I sat in on a roundtable with Charlie Ciarcarlo (the Cisco CTO) a few weeks ago. Cisco intend to virtualise bloody everything. Their stated intention is to move intelligence from the edge/periphery back into the network. This will break the (to paraphrase) "Network of Stupid Networks" model for the free market explosive growth of the internet. I have doubts that it will do anything other than drive revenue into Cisco networks but am interested in the GRID computing as stepping stone model. Cisco's roadblock is adoption of the facilitating technologies on the Windows desktop. The primary administration benefit was the hoary old policy based network model - I've been listening to people tell me policy management is going to make my life easier for 10 years. I'm still using SNMP for monitoring and expect scripts for changes. I have built networks around 4500's; the only benefit is an ability to skimp on DS SupeModules.

Your budget is too big (2, Insightful)

fred fleenblat (463628) | more than 9 years ago | (#12156486)

Count your blessings. You'd be amazed at how many small to medium sized companies (2000+ employees) have one Cisco router in a rack somewhere and use consumer grade linksys or d-link 10/100 switches everywhere else.

For sending email and Word docs around, you really don't need the whole Cisco hierarchy. On the other hand, if you're sending uncompressed production video around, it's not enough.

Your network is too small. (1)

FreeLinux (555387) | more than 9 years ago | (#12158160)

(2000+ employees) have one Cisco router in a rack somewhere and use consumer grade linksys or d-link 10/100 switches everywhere else.

If you have such a network, please post pictures. The Slashdot populace would LOVE to see that beast. Shudder

Re:Your network is too small. (1)

fred fleenblat (463628) | more than 9 years ago | (#12159197)

I don't work there no more (disclaimer: my leaving had nothing to do with their network architecture).

But I know a network consultant who has described to me far worse scenarios:
- Unstable networks that don't behave the same if the various elements are powered up in a different order
- People bringing in their own wifi equipment and creating and routing new subnets on their own initiative, and the network admin people don't see it for a couple of MONTHS
- Cheapo hubs that assume all equipment is at least FDX 10baseT. Works fine until you move that vintage but still-useful sparcstation onto one of them. (The microsofties blame Sun for being broken--a similar vintage windows box wouldn't even have ethernet.)
- Run out of ports in an inconvenient part of the building? Don't bother with a home run, just put a Linksys 8 porter resting on a ceiling tile and start plugging. Run power to it using the cheapest extension cord you can find.
- Subset of things plugged into UPS's according to no particular plan except maybe some manager demanding to be able to print TPS reports during a power outage or some equally insane requirement. Other stuff on surge suppressors with no visible joules rating (i.e. useless).
- Configuring application firewalls or even DMZ's takes extra effort and thus just doesn't get done.

Honestly, this kind of stuff isn't the extreme, it's the norm.

A top-quality network architecture created and installed by pros using top-notch equipment is really cool, but companies are realizing that a little network downtime doesn't mean their company is going to grind to a halt. Their web site is colo'd and independent. People can still open and edit documents, make phone calls (unless they have VOIP, suckas), have meetings, etc. Revenue generating people like sales and marketing are out at customer sites using their networks anyway.

And when the crappy consumer grade stuff fails they can swap in a new one for cheaper than two weeks maintenance on a cisco box. Because of the core strength of ethernet and TCP/IP, most failures are localized to a small group so it's really not a bad strategy if cost-effectiveness is any concern.

Sorry, no pictures :-(

Re:Your network is too small. (2, Interesting)

Dr.Dubious DDQ (11968) | more than 9 years ago | (#12160209)

And when the crappy consumer grade stuff fails they can swap in a new one for cheaper than two weeks maintenance on a cisco box.

And that, in a nutshell(tm), is what I absolutely hate about the "high end" stuff. The fact that the up-front cost to gain ownership of the physical device is one thing, but the hefty recurring fees to get ANY kind of support (including, as far as I can tell, bug-fixes, security updates, and so forth) get insane very quickly. Especially when you're presumably willing to pay the premium "ownership" price because the device should then not NEED much of anything in the way of "maintenance" to keep it running. I've come to think of this as just another "protection" racket - "Nice network you've got, and such an expensive router. It sure would be a shame if someone happened to find a security flaw and you didn't have access to updates, wouldn't it?" Taking that into account, it may often cost LESS to just replace the "consumer grade" stuff as it fails than it costs to keep paying "maintenance" fees on the expensive stuff.

I've gotten quite irritated with Cisco on this front - I picked up a Cisco 768 DSL router to replace the "Actiontec" piece of junk that the phone company was renting out. I went to Cisco's website to check for updated firmware and so forth, and got told "you have to register to see this". So, I went and gave out all the precious marketing information (name, address, phone number, blood type, shoe size, etc. etc. etc.), finally got to the end of the "registration" process, and got "Ha, ha, sucker, you STILL can't see this stuff because you're not a 'paid support' user or a 'Cisco partner'...". Thanks, Cisco, thanks a lot.

(On the upside, the router HAS been very reliable so far...and doesn't decide to just stop routing packets for no good reason until rebooted like the Actiontec modem did...)

Re:Your network is too small. (2, Informative)

dTb (304368) | more than 9 years ago | (#12164031)

Please read a Cisco vulnerability announcement. You will see toward the base the procedure to get a free update that fixes the vulnerability if your equipment is not covered by SmartNet. I quote:

Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Re:Your network is too small. (1)

tigersha (151319) | more than 9 years ago | (#12163643)

Oh yeah! Welcome to the REAL world. I work in a non-profit. Sounds familiar. But hey, it works!

Distribution layer exists only in the Ciscoland (2, Insightful)

wikinerd (809585) | more than 9 years ago | (#12156617)

The term "distribution layer" is defined by Cisco, which is just a corporation. There is no standard where you will encounter this term.

The most well-known networking standards are the OSI model [webopedia.com] and the TCP/IP model [networkdictionary.com] . Neither of these standard models include the term "distribution layer", which means nothing by itself: Is it about physical-electrical distribution, data distribution or information distribution?

I personally dislike "standards" or tech-speak set by corporations and I believe international bodies and computer scientists should be preferred when it comes to standards and technical jargon: Imagine two computer scientists, one using Cisco-speak and the other knowing only Microsoft-speak; how are they going to communicate? It's impossible! - unless they both adopt a common language like those proposed in the OSI or TCP/IP model.

I personally can communicate network concepts using the OSI model, and I am completely unaware of Cisco-speak. In an attempt to answer your question, I will assume that by "distribution" Cisco means "routing", which translates to "Internet layer" in TCP/IP-speak and is related to the Internet Protocol, while in ISO-speak it translates to "Network layer". If my understanding is correct, then the answer is that no matter how small your network is, you will want to use routing, for example for connecting your small network to the Internet. Even if the routing functionality is included in a device of another layer, or even when it is implemented in software, it will always be there, no matter whether the users or even the administrator can see it, especially if you are going to use the TCP/IP protocol suite.

Re:Distribution layer exists only in the Ciscoland (1)

afidel (530433) | more than 9 years ago | (#12157458)

Distribution does not mean routing. Distribution means policy. Cisco's model is to do very fast, efficient routing at the core, and fast switching at the access layer, and leave all of the heavy policy processing in the distribution layer. This is a VERY scalable model, and it also happens to lead to a lot of switch sales... From what I saw of Cisco's own network (late 90's) they didn't even follow the idea themselves for satellite offices. In the satellite offices I admin'd we had one or more routers, connected to a pair of 6500 series chassis with redundant supervisor modules connected to the routers. These constituted the core. The access layer was a 6500 or 4500 series layer 3 switch connected to both of the core switches. Policies were implemented on the access layer switches, which had more than enough oomph to do both fast switching and policy management.

Re:Distribution layer exists only in the Ciscoland (1)

ldspartan (14035) | more than 9 years ago | (#12157590)

Did you just seriously write three full paragraphs saying that you don't know what you're talking about?

The OSI and TCP/IP models are not even remotely analogous to the Cisco model of Core / Distribution / Access. OSI and TCP are describing network stacks; the Cisco model is describing a suggested physical network topology. Since your assumptions are unbelievably false, and you haven't bothered to do even the most cursory amount of research, the rest of your bits are wasted. Way to go.

--
lds

ex CCNA wannabe (1)

1eyedhive (664431) | more than 9 years ago | (#12157264)

Back in my early days of HS, I had the fancy to grab an A+ cert, followed by a CCNA and MCSE...
I studied for the A+... then they changed the test and I didn't bother.
I read a few MCSE books... got bad vibes.

I took a CCNA course (semesters 1, 2 and 3), picked up every last vendor-neutral concept I could. Then the thing started selling Cisco-specific concepts, moving away from concept and towards (Cisco-specific) implementation, teaching you to hawk Cisco gear as much as know the (Cisco-bent) basics.

I quit.

Granted, I still admire Cisco gear (my home LAN has a Catalyst "micro switch" 8 port at its core (damn thing's huge)). I realized at that point that locking myself into one vendor was a Bad Thing(TM).

Re:ex CCNA wannabe (1)

krappy (802851) | more than 9 years ago | (#12161607)

Well, there are two things I want to say here:

1- As for whether the distribution layer is needed or not, I agreed with an earlier post (somewhere up the page) that this is just an abstraction. By "distribution layer" you mean the place where filtering and access control (i.e. policy networking) is happening. So IMO it all depends on whether or not such functionality is required in your company.

2- I've seen a few posts bashing Cisco concepts and certs in this article. Personally I have been through a few Cisco courses and I found them interesting and rewarding. I believe good or bad depends on the way you look at it. If you try to cram all the Cisco-specific terms and jargon it may be boring, but if you look at it as a way to gain understanding of how things work, it is interesting and can apply anywhere, on any equipment brand, not just Cisco.

You're a moron... (0)

Anonymous Coward | more than 9 years ago | (#12158131)

I have to disagree with you. The distro layer is important to the redundancy of the network. Let's see: if you had, say, a large international network, like the internet, and you used only one router, and it fails... you tell me. Well, that's a rather large example; let's pick a small to mid size business, say with 10 or so switches, like yours. Well, if you installed a few routers (read: redundantly), 1 per floor, you divided failure points instead of creating a situation where the whole network could go down. I guess you missed that part in CCNA or Sysadmin class...

Real world story. (1)

Zapman (2662) | more than 9 years ago | (#12158392)

We got to move buildings. Great experience if you can get the company to foot the bill.

We ended up using a distribution layer because it made the config easier, centralized a lot of complexity, and didn't cost an arm and a leg in fiber uplink ports. We utilized Extreme Networks 7i switches as distribution (44 gig fiber links), which (compared to core chassis blades for the same fiber density) were cheap. We then uplinked each distribution layer switch (2 of them) to the 4 core chassis. This cost 8 core fiber links, as opposed to 40 (2 per floor, 20 floors), which adds up in a real hurry.

It comes down to the greenbacks. With Extreme gear, that 7i is a beautiful distribution layer for not a huge outlay in cost. It also simplifies configuration, since the floor switches are 'dumb' (configure 1 VLAN over all ports, configure management IP address, done). YMMV, especially with other vendors (Cisco).

well... as a CCNA (1)

hjf (703092) | more than 9 years ago | (#12172746)

As a CCNA I have learnt quite a few things. For starters, not everything can be done on a Linux server (no cunt, you can't route 40GBps on a Linux server, and that's the smaller Cisco 12000 series routing capacity). Before I got into the course, I thought CCNA was for idiots (in some regards, I still think that), but I realized that the kind of info I got from that course was very helpful. Recently, a client asked me to configure a 2511 dialin server. Sure thing, in a few minutes it was set. Why? Because I got experience in Cisco gear, thanks to CCNA. Of course, I *could* have googled all that info, or I *could* have used a Linux server and a multiport card (what for? A 2511 is cheaper than a Pentium with a multiport card, and it takes less time to configure a 2511, and has better uptimes, and no hard drive... etc.), but this is Slashdot, basically the know-it-all smartass geek hideout.

I was one of you once, but I found out that there is more to networking than your l33t hax0red pimped-up Linux box. Of course, I use Linux, and it gets along quite OK with Cisco. I manage a WISP, and we run a Linux access server (because the Cisco solution was way expensive), with 3COM NICs and a Cisco Aironet AP. So what? Just that: balance. The Aironet 1200 is a top of the line (no pal, your D-Link, Buffalo or even Linksys AP doesn't even compare to it) access point and my Linux box runs great. The 1200 was expensive, but it paid for itself; now we have over 120 simultaneous associated stations on that single AP (you can't do that with other APs!), and the Linux box authenticates, authorizes and accounts (RADIUS) users, and then proceeds to limit bandwidth for the users.

I, for one, own only 1 piece of Cisco hardware: the 677 ADSL modem, which I bought from the telco for $10. I've had it since 2001 and it still runs great.