3.2.a Layer 3 protocols and redistribution
When two or more sites are using dissimilar protocols, such as OSPF, EIGRP, etc., you can combine the networks using route redistribution. Redistribution can be accomplished by two methods:
Two-way redistribution: In this type of redistribution, routing information is exchanged between both routing protocols. Route filters are used to prevent routing loops. Routing loops can be caused by one routing protocol redistributing routes that were learned from a second routing protocol back to that second routing protocol. Note that static routes are not used in this exchange.
One-way redistribution: This type of redistribution only allows redistribution from one routing protocol to another. Normally, it is used in conjunction with a default or static route at the edge of a network. For example, when a campus network is connected to the WAN using a default route, it makes sense to redistribute the routing information from the WAN into the campus, but campus routes are not redistributed out to the WAN.
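An added example, not from the original page: one common way to implement the route filters described for two-way redistribution is to tag routes as they cross from one protocol to the other and to deny routes carrying that tag on the way back. The OSPF process ID 1, EIGRP AS 100, the tag values 90 and 110, and the route-map names are assumptions chosen for illustration.

```cisco
! Applied on every router that redistributes between OSPF and EIGRP.
! Tag 90  = route originated in EIGRP, now carried in OSPF.
! Tag 110 = route originated in OSPF, now carried in EIGRP.

! EIGRP -> OSPF: drop anything that originally came from OSPF,
! then mark everything else as EIGRP-originated.
route-map EIGRP-TO-OSPF deny 10
 match tag 110
route-map EIGRP-TO-OSPF permit 20
 set tag 90

! OSPF -> EIGRP: drop anything that originally came from EIGRP,
! then mark everything else as OSPF-originated.
route-map OSPF-TO-EIGRP deny 10
 match tag 90
route-map OSPF-TO-EIGRP permit 20
 set tag 110

router ospf 1
 ! "subnets" is needed so that subnetted (non-classful) routes are included.
 redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF

router eigrp 100
 ! EIGRP needs a seed metric for routes learned from another protocol:
 ! bandwidth (kbps), delay (tens of microseconds), reliability, load, MTU.
 redistribute ospf 1 metric 10000 100 255 1 1500 route-map OSPF-TO-EIGRP
```

After applying it, `show ip route` for a redistributed prefix on the second border router should show the tag, and the prefix should not reappear in its protocol of origin as an external route.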
The best practices when designing a Distribution layer are given below:
1. Build Layer 3 triangles, not squares
2. Summarize routes from the distribution to the core of the network to reduce routing overhead.
3. Use Virtual Switching System (VSS) as an option
4. Only peer on links that you intend to use as transit.
The following are the best practices in Core layer design:
1. Reduce the switch peering by using redundant triangle connections between switches.
2. Use routing that provides a topology with no spanning-tree loops.
3. Use Layer 3 switches on the core that provide intelligent services that Layer 2 switches do not support.
4. Use two equal-cost paths to every destination network.
Core layer and server farm switches have higher performance and availability requirements than access layer and distribution layer switches. Hence the cost per port for Core and Server farm switches would be high compared to Access and Distribution layer switches.
The primary requirements of a DC core layer:
1. Administrative convenience, by separating the DC aggregation layer from the Campus Distribution layer
2. Provides port density for server farms
Data center Access layer is characterized by the following:
1. High port density with high performance switched (Layer-2) and routed (Layer-3) ports.
2. Low latency for fast switching, and the ability to cater to oversubscription
3. Use of VLAN trunks upstream, allowing data center aggregation services to be shared among the same VLAN and across multiple switches.
4. Support for server clustering that requires network connections to be Layer 2 adjacent or on the same VLAN with one another.
The following are the Cisco recommended security measures for controlling access to a campus network:
1. Access Layer: This is the layer at which users log into the network and access network resources. The recommended security measures at Access Layer point are:
2. Distribution Layer: The security at distribution layer is implemented by using Access Policies. These in turn make use of Access Control Lists. There are two types of IP access lists:
In addition to security, the Distribution layer is responsible for sending only the data that needs to reach the Core Layer. This not only achieves security, but also makes sure that the Core Layer is not burdened with unnecessary traffic. This is achieved by applying Access Control Lists.
Core Layer Security: Core layer is responsible for transmitting data efficiently. For this reason, Cisco recommends that there is little or no policy at Core layer.