webnetwiz
There's no place like 127.0.0.1
Premium
join:2004-09-22
Van Nuys, CA
| reply to kracksmith
Re: Cisco Vs FastIron
I currently have an environment that has both Foundry and Cisco. Foundry is cheaper, it is well suited for non-complex environments, seems to work well at layer 2 and some basic routing. Now, having said that, Foundry is not good at doing multiple things at the same time, like running OSPF and BGP on the same box (CPU issues). The FastIrons I have have a limit of only 255 layer 3 interfaces (SVIs) for your VLANs, so if you like to match your layer 2 VLAN number with a layer 3 SVI, you've got to lay out your VLAN numbering schema right, otherwise it'll be an issue. I ran into a very nasty bug with UDLD, and currently am troubleshooting some VRRP and STP issues. So, basically for access layer, they're ok, for core and distribution, you're better off with Cisco. Oh yea, Cisco TAC support is WAAAAY better than Foundry.
P.S. Don't want to seem like a Cisco fanboy, so I am getting some Juniper EX series to run through some paces, that's gonna be fun. |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
| said by webnetwiz  :The FastIrons I have have a limit of only 255 layer 3 interfaces (SVIs) for your VLANs, so if you like to match your layer 2 VLAN number with a layer 3 SVI, you've got to lay out your VLAN numbering schema right, otherwise it'll be an issue. That sounds very non-compliant with the standards for dot1q, which defines that VLAN IDs can range from 1 to 4094.
Are you sure its simply not a maximum of 255 interfaces, rather than a maximum VLAN ID of 255 as per what I said above?
Cisco's generally have a VLAN limit of around 1000, but that doesnt mean the maximum VLAN ID you can use is 1000, it simply means you can use any valid VLAN ID, but you can only use 1000 of them.
Id be more inclined to think this is the same deal with the Foundry, except limited to 255. I would certainly hope so, as it would be incredibly dodgy! |
|
webnetwiz
There's no place like 127.0.0.1
Premium
join:2004-09-22
Van Nuys, CA | The foundry does support VLAN IDs up to 4094, but if you wanted to create an SVI, i.e. interface vlan 4000 (a layer 3 interface), you would not be able to do that in a FastIron, as the SVI numbering only goes from 1 to 255. It's annoying. |
|
aryoba
Premium,MVM
join:2002-08-22
| said by webnetwiz :The foundry does support VLAN IDs up to 4094, but if you wanted to create an SVI, i.e. interface vlan 4000 (a layer 3 interface), you would not be able to do that in a FastIron, as the SVI numbering only goes from 1 to 255. It's annoying. I wonder what the reason is behind having so many VLAN (4000+ VLAN).
As a good practice and a good network design, I usually do more of non-VLAN routing whenever possible. I usually implement VLAN when there is a host that only do static route (i.e. workstations or servers with only default gateway to reach other part of network). If all hosts within some subnet are capable of dynamic routing, then I don't bother creating VLAN for such subnet. |
|
kracksmith
join:2004-07-14
Fullerton, CA
edit:
May 7th, @08:00PM
| Thanks for all your opinion feedback. I think I'm just going to go with Cisco product, not my money. and if I'm trying to save money and things break, my recommended product decision won't be trusted in the future.
I was just testing if Fountry did have any advantages over Cisco. The only thing I notice is the pricing. Cisco is about $800.00 more.
I'm creating a PO for four 3750 with the modular empty. 10G backbone is too much for us right now. We're just going to aggregate the 4-8 ports instead. Most likely 8G backbone but maybe 4G backbone don't know yet.
These 3750 will allow us to VLAN (what we need mostly here) and add port security, plus we're going to stack 3 of them (will give us 36G backbone)with the other 3750 being aggregated.
If one of the four 3750 needs to run Layer 3 then can it still be stacked or i need to bring the stacking down to two switches instead so one of the 3750 can route VLAN. If this is the case would a 3750 be a over kill just for this dedicated purpose?
Last question, wondering can each port on the 3750 have multiple VLAN, if so what is the limit (not that i'm going to max it out, just wanted to know)? or is it 1 VLAN per port? |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
edit:
May 7th, @09:05PM
| reply to aryoba
said by aryoba :I wonder what the reason is behind having so many VLAN (4000+ VLAN). As a good practice and a good network design, I usually do more of non-VLAN routing whenever possible. Youre not serious are you?!?!!?
VLANs are the most useful invention in the networking world. Clearly you dont appreciate their value because you dont use them frequently enough. 
Consider the following scenario:
A large ISP in down town New York has 1000 customers hanging off a single router.
Without VLANs that ISP needs a router with 1000 individual physical interfaces to service each customer.
With VLANs, that ISP needs a router with a single interface, and for each customer they create a subinterface in a particular VLAN. Those VLANs can then be trunked from switch to switch all over New York, and indeed the world, and pop out at a switch port anywhere the ISP or customer needs or wants it to.
You cant tell me that not using VLANs is good practice or even good network design......
Not to mention Q-in-Q, which allows you to trunk a further 4094 VLANs through each of the original 4094 VLANs, allowing you to effectively run 16.7 million VLANs on a single network. |
|
aryoba
Premium,MVM
join:2002-08-22
| reply to kracksmith
said by kracksmith :Thanks for all your opinion feedback. I think I'm just going to go with Cisco product, not my money. and if I'm trying to save money and things break, my recommended product decision won't be trusted in the future. I usually recommend "the best" from performance perspective to management. Should the management choose different product that are cheaper but with less performance level, then it would be management's fault; not mine.
said by kracksmith :I'm creating a PO for four 3750 with the modular empty. 10G backbone is too much for us right now. We're just going to aggregate the 4-8 ports instead. Most likely 8G backbone but maybe 4G backbone don't know yet. How do you plan to aggregate? Etherchannel? Layer-3 switching approach? Or both?
said by kracksmith :If one of the four 3750 needs to run Layer 3 then can it still be stacked or i need to bring the stacking down to two switches instead so one of the 3750 can route VLAN. If this is the case would a 3750 be a over kill just for this dedicated purpose? Before going into that, let me ask you this. How do you plan in designing the network? Are there going to be core, distribution, and access switches? Are all end users (i.e. servers and workstations) connecting to access switches only? |
|
aryoba
Premium,MVM
join:2002-08-22
| reply to TomS_
said by TomS_ :said by aryoba :I wonder what the reason is behind having so many VLAN (4000+ VLAN). As a good practice and a good network design, I usually do more of non-VLAN routing whenever possible. Youre not serious are you?!?!!? I'm dead serious.
You should see the reason once you read on ....
said by TomS_ :VLANs are the most useful invention in the networking world. Clearly you dont appreciate their value because you dont use them frequently enough. I'm not sure about the most useful invention aspect. However I'm sure I use VLAN frequently enough to say my previous comment.
said by TomS_ :Consider the following scenario: A large ISP in down town New York has 1000 customers hanging off a single router. In case like this, then yes; the single router (or the single 3750 switch in some ISP network) terminates 1000+ VLAN.
I'm guessing that kracksmith network design requirement is coming from a corporate. I also understand that you TomS_ comes from ISP network. Allow me to make a note that each network requires different network design.
Since this thread should be about corporate network design requirement, then my statement above may only suit such and not ISP network design requirement. |
|
luminaire
Premium
join:2005-03-22
Oakville, ON
clubs:
| I was going to pipe up about the VLAN comment, but I figured my service provider opinions don't represent the majority. I guess someone else brought it forward anyway.
--
Luminaire
My Blog |
|
kracksmith
join:2004-07-14
Fullerton, CA
| reply to aryoba
I'm plan to aggregate by Etherchannel.
If I'm planning to purchase four 3750 and I want to stack 3 of them and have the 4th one out in the warehouse aggregated. Looks to me this would be all used as a Acces switch provide there are no VLAN to route.
Now if I plan to use VLAN which we are, then I would need something to route the VLAN right. So do I stack 2 of them and configure the 3rd switch as the Distribution switch for routing the VLAN, and use the 4th switch in the Access level being aggregated.
Would the 3rd switch 3750 up above be a waste? or should I look at another Cisco switch for this purpose?
Or would it be better to stack 2 of them use the 3rd one for aggregate etherchannel and layer 3, then connect this to the forth switch which sits in the warehouse? meaning data from the 4th switch (warehouse) is going through the Distribution switch then to the Access stacked switch?
So no Core switches for us now. I don't think we need that yet. |
|
aryoba
Premium,MVM
join:2002-08-22
| said by kracksmith :I'm plan to aggregate by Etherchannel. If I'm planning to purchase four 3750 and I want to stack 3 of them and have the 4th one out in the warehouse aggregated. Looks to me this would be all used as a Acces switch provide there are no VLAN to route. Now if I plan to use VLAN which we are, then I would need something to route the VLAN right. So do I stack 2 of them and configure the 3rd switch as the Distribution switch for routing the VLAN, and use the 4th switch in the Access level being aggregated. Would the 3rd switch 3750 up above be a waste? or should I look at another Cisco switch for this purpose? Or would it be better to stack 2 of them use the 3rd one for aggregate etherchannel and layer 3, then connect this to the forth switch which sits in the warehouse? meaning data from the 4th switch (warehouse) is going through the Distribution switch then to the Access stacked switch? So no Core switches for us now. I don't think we need that yet. I usually start with the end user (i.e. workstation, server) requirements as following then go from there.
* Are there any machines that will be running dual NIC, where one NIC goes to one switch and another NIC goes to another switch?
* How many ports in total for each room or building?
* Are there multiple floors or buildings to interconnect?
* How much throughput was needed by each machine?
* Are you expecting more machines in near future? |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
| reply to kracksmith
said by kracksmith :If I'm planning to purchase four 3750 and I want to stack 3 of them and have the 4th one out in the warehouse aggregated. Looks to me this would be all used as a Acces switch provide there are no VLAN to route. Is there any particular reason why you need to go for the 3750's? About the only advantage you get from them is the ability to stack.
The 3560's can still deliver PoE and can do routing aswell.
If you dont need stacking, you might want to look at the 3560's as they will save you a few thousand dollars, the boss will probably like that.
And if you do need additional 3560's later you can always link them together using gigabit uplinks.
said by kracksmith :Would the 3rd switch 3750 up above be a waste? Yes. If you have a 3750/3560 in your server room, or a more central wiring closet, you could use that to do the routing instead. |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
| reply to aryoba
said by aryoba :You should see the reason once you read on .... I still dont see youre point.
But thats all I'll say, otherwise I'll just be hijacking this thread. |
|
bky
Premium
join:2002-07-05
Austin, TX
 ·AT&T U-Verse
| reply to aryoba
said by aryoba :Since this thread should be about corporate network design requirement, then my statement above may only suit such and not ISP network design requirement. Smaller network environments benefit from vlan segmentation just as much as a service provider would for security, scalability, compliance, and management. May not be as many as the service provider would have, but definitely good practice. |
|
kracksmith
join:2004-07-14
Fullerton, CA
| reply to aryoba
1. No machines running dual nics
2. we need about 250 ports in all the building (some rooms will inherit our existing smart switch or unmanaged switches
3. just one floor
4. each machine will need 1G. this is the same for our smart and unmanaged switch. all 1G.
5. no, we are not expecting more machines in the future. we will be replacing them but not adding on.
TomS, the only reason why i posted the 3750 is because the Cisco sales guy want to sell four to me. If i can get away for something cheaper I will, just like the question I asked about one of the switch being a dedicated VLAN routing.
If the 3750 is that much of a difference from a 3560 and the only difference is stacking then maybe we can just do aggregated instead within the 3 switch inside the wiring closet?
Ok what I'm trying to do is strengthen our unmanaged daisy chain network with redunancy and security, also make it more efficient.
Hopefully with these switches that I need to purchase will do the trick. I need to have a strong network because we are planning to throw in VoIP soon. VoIP need to be on it's own VLAN, servers need to be on it's own VLAN, us network technicians need to have our own VLAN, guest that comes in that needs a data connection needs to be on a separate VLAN, and so does our wireless, and etc.......
We don't have nothing, no security, no monitoring, no nothing. This needs to improve greatly before we add more things to this network. Currently I have no control what has been transfered on the network. Who has plugged into the network. I am so reactive right now and that needs to change to proactive ASAP. |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Budd Lake, NJ
 ·Optimum Online
| reply to bky
said by bky :Smaller network environments benefit from vlan segmentation just as much as a service provider would for security, scalability, compliance, and management. May not be as many as the service provider would have, but definitely good practice. Just curious, in your typical corporate environment, at what point does it pay to start throwing groups (floors, departments, whatever) into their own VLAN and subnet? I would imagine that the further you partition things, the easier troubleshooting becomes. Way back when this was not easy since crossing a subnet boundary meant going through a router that was a bottleneck, but I'm assuming these days with wire-speed layer 3 switches that bottleneck is gone.
I imagine if I were dropping 5 figures or more on L3 switches, I'd partition the hell out of things. |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
| reply to kracksmith
said by kracksmith :TomS, the only reason why i posted the 3750 is because the Cisco sales guy want to sell four to me. If i can get away for something cheaper I will, just like the question I asked about one of the switch being a dedicated VLAN routing. Ahh that explains a lot. Yes, you can get away with spending less.
said by kracksmith :If the 3750 is that much of a difference from a 3560 and the only difference is stacking then maybe we can just do aggregated instead within the 3 switch inside the wiring closet? It is one of the biggest differences between the two series. Keep in mind that stacking cables have distance limitations, so it would be impossible to stack switches on different sides of a building. Uplinking all switches to each other with gigabit, or multiples of gigabit will probably do just fine. |
|
kracksmith
join:2004-07-14
Fullerton, CA
| Ok, we are set and going with the 3750 for stacking. 3750 will cost us close to 10 grand each. 3650 are about 6 grand each.
We're planning to stack three 3750's then run 4 one gig to the 4th 3750. (I'm going to talk them down to a 3560 for this though).
My question is, would I need another 3750 to route VLAN? or would all these switches be operating in layer 3 full time? |
|
TomS_
debugger it
Premium,MVM
join:2002-07-19
Australia
edit:
June 19th, @07:42PM
| Use the switches that make up the stack to do the routing. You dont need another individual switch or router to do your inter-VLAN routing.
They will all form a single unified entity once stacked, so there will be a single management interface for all elements in the stack, so you only need to configure your routing and other options via the master. The appropriate bits of config are then pushed out to the other stack participants. |
|
kracksmith
join:2004-07-14
Fullerton, CA
| Thanks Toms
regarding the 3 stacked 3750's. What about rebooting? how does this work? let's say we configured it to be stacking and they are a single unifed entity. Let's say we need to power it down. Can i turn them all up at once or do I need to turn each one by one.
sorry i never worked with stacking so I'm just trying to prepare myself for the worst. |
|
