Choosing the best campus switches for your network environment
A collection of articles that takes you from defining technology needs to purchasing options
There's no denying campus LAN switches have made significant strides over the years in performance, integration and the sheer number of specifications that can be configured. That being said, the actual design used in most campus enterprise LANs has remained largely unchanged for the past decade or so. Yet, because there are so many new features and new marketing jargon propagated by LAN switch vendors, the once clear-cut dividing lines between the three tiers of a campus LAN network -- access, distribution and core -- are becoming blurry.
Campus LAN switch design: The three-tier model
The primary goal of any campus LAN design is to provide end-to-end connectivity using the fastest path possible. Secondary goals include things such as application optimization, redundancy, security and ease of management. But since our primary goal is speed, most designs revolve around the idea that a device located on one side of the network can minimize the LAN hop required to reach a device on the complete opposite side of the campus LAN. This is where the three-tiered, hierarchical design comes into play, as shown here:
From a high-level perspective, all end devices, such as PCs, laptops, servers and wireless devices, connect to what is referred to as the access layer. Access-layer switches then connect upstream to the next tier -- the distribution layer. Finally, the distribution-layer switches connect to the top tier -- the core. And, as you can see, this simple design allows for devices to be at a minimum number of device hops away in order to communicate.
For the most part, network administrators understand the three-tiered hierarchy from a data-transport perspective. But where things get difficult is in differentiating an access, distribution and core switch from the other number of network services they are so often asked to provide. In the next few sections, we will go into detail as to which layer of the three-tier design you are most likely to deploy various types of network services.
Duties of the access layer
The role of the access layer is to connect end devices to the network for communication. Typically, access switches operate at Layer 2 of the OSI model and keep track of a table that maps MAC addresses to switch port interfaces. If multiple virtual LANs (VLANs) exist on the switch, the uplinks from the access switch to the distribution-switch tier are configured as trunks that transport multiple VLANs across a single link using VLAN tags. Because the switches use Layer 2 for transport, they are configured to support the Spanning Tree Protocol (STP) to avoid network loops with nearby access switches, as well as with switches in the distribution tier. In terms of network services, access switches are commonly configured to either set quality-of-service (QoS) markings or to trust the markings from end devices. The markings are then used to divide data into different classes, where traffic policies are then enforced end to end throughout the rest of the network. Access-control mechanisms such as 802.1x authentication may also be configured on the device ports to help identify users who are attempting to gain access to the network.
Duties of the distribution layer
Seated between the access and core tiers, distribution switches are in charge of the majority of network services on a campus network. The following duties are often performed at this layer:
- Termination of Layer 2 VLAN trunks coming from the access switches.
- Serve as the Layer 3 default gateway for access VLANs.
- Designation as the root bridge for STP.
- Configuration of most routing protocols and redundancy or high-availability protocols.
- Creation and application of access lists to filter traffic.
- DHCP server services -- or serve as a DHCP relay.
- Centralized point for multicast configurations.
QoS policies are also set and enforced based on the classification they were assigned to by the access switches.
Duties of the core layer
The sole purpose of the core layer is to move packets from the distribution tier, across the core switches and back down to the next distribution block as fast as possible. There should be no services -- other than basic QoS policy enforcement -- or filtering at this tier. Remember, those duties are left to the distribution layer. But because of the likelihood that a great deal of traffic will be passed from one core switch to the next, this top tier in the hierarchical model is where the largest amount of throughput is needed. Therefore, you likely see 10, 40 and 100 Gbps connections and techniques, such as port-channeling, used heavily on these switches. It used to be that core switches operated at Layer 2, because Layer 3 switches could not push packets at wire speed. But this hurdle has been overcome long ago -- and most modern core switches operate at Layer 3 and use routing protocols for redundancy, as opposed to STP at Layer 2.
It's also important to note that on smaller networks, with less traffic passing between core switches, a fully separate core switch tier is not always necessary. Instead, many administrators of smaller enterprise networks choose to implement what's known as a collapsed-core architecture. This is where the core takes on the duties of both the core and distribution tiers. It's a cost-savings measure that also eliminates yet another hop along the path.
Where aggregation, edge and data center switches fit
Many companies find themselves confused when choosing the correct campus LAN switch for their networks. Marketing buzzwords from switch vendors don't make that process any easier. Consider the term aggregation. In one sense, all switches are aggregation switches. Access switches aggregate end users. Distribution switches aggregate access switches and core switches aggregate distribution switches. But, for most switch vendors, the term aggregation switch is simply an updated term for distribution switches that aggregate multiple access switches -- usually in a single building -- together using high-speed Ethernet connections, such as 10 Gbps fiber.
Another common -- and confusing -- marketing term is the use of edge when discussing switches. In most networking circles, a network edge resides in one of two places. The first is the point between the privately owned network and the internet. The second use for edge -- and the term we're interested in -- is in describing switches that connect end-user devices to the rest of the network. So, it's safe to say edge switch equals access switch.
Finally, many engineers wonder where data center switches fit into the campus LAN three-tier design. Generally speaking, data center switch blocks should be considered part of the access tier that connects end devices to the rest of the network. However, because data center switches provide such a different set of services, such as server virtualization, application-level intelligence and connectivity into storage networks, the topic of data center switching should largely be thought of as a separate conversation.
Read about the launch of Dell's latest campus LAN switch.
Check out Cisco's cloud-based campus network switch.
Check out our buyer's guide on data center switching for an in-depth explanation of data center switches.