Do I Need A Layer 3 Core Switch?

Dashrender

Something to keep in mind, your firewall is currently able to keep all traffic on those VLANs out of the normal network.

I'm not sure if L3 or L2+ switches have firewall like features to prevent cross VLAN communications.

wrx7m

@Dashrender Really? I thought that was the point of a VLAN.

scottalanmiller

@wrx7m said:

@Dashrender Really? I thought that was the point of a VLAN.

Well, no. A VLAN is just a LAN, it's not a thing on its own. If you connect them all together through a router or switch, by default you've joined them all into a single thing. Just routed between them, rather than switched. VLANs are not "for" anything specific. You have to build in the functionality that you want from them.

wrx7m

@scottalanmiller Sure, I meant that I thought the whole point of a VLAN was to segregate traffic/keep broadcasts domains smaller while utilizing the same physical switches.

scottalanmiller

@wrx7m said:

@scottalanmiller Sure, I meant that I thought the whole point of a VLAN was to segregate traffic/keep broadcasts domains smaller while utilizing the same physical switches.

Segregating traffic to broadcast domains for layer 2 doesn't imply that L3 isn't wide open between the subnets. In a typical network, you'd be wide open between them.

wrx7m

@scottalanmiller That is true, however, I am running in access mode to prevent cross communication and would like it to remain that way. Would a Layer 3 switch have the features to create ACLs for traffic on multiple VLANs across the same ports?

scottalanmiller

@wrx7m said:

@scottalanmiller That is true, however, I am running in access mode to prevent cross communication and would like it to remain that way. Would a Layer 3 switch have the features to create ACLs for traffic on multiple VLANs across the same ports?

Generally they will, but that was @Dashrender concern, that it would not.

wrx7m

OK. Got it. So since that is the goal, based on the size of the network and addition of 10GE for virtual hosts, I should consider a Layer 3 switch?

Dashrender

The 10 Gb in this case doesn't play a part in the decision making process, as far as I can see.

wrx7m

@Dashrender The layer 3 portion was for the inter-vlan traffic but the core aspect would be to provide the backbone bandwidth

Dashrender

What switch do you have in mind?
How many 10 Gb ports do you need? Will you run two for whichever r word will make Scott happier?

wrx7m

@Dashrender Ha! It would be a single as a core and I am not sure which switch I would use yet. I am still trying to see if all of it will be within my budget. For my virtual hosts I currently need 6 10GE (which I am leaning toward 2 switches to create some redundancy) and then I would ideally be stacking the switches with the others so I am not sure how it will all go together with the introduction of a core switch, stacking-wise.

Dashrender

I've never been responsible for a network that was large enough to have a core switch.

I have a HP 2824 (L3 switch) 1 GB switch with 4 ports that will take GBICs that I use for fiber.

connected to that I have two 2650-PWR switches for phones and endpoints.

I am planning on upgrading the 2824 to a UBNT Edgeswitch 48 which has two SPF +1 ports (10 Gbe) and two SPF 1 ports (1 Gb fiber)

I will eventually replace the 2650-pwr with 1 Gb switches in the future.

wrx7m

For the TOR switches for all my servers and virtual hosts and NAS, I am looking at using 2 of the Extreme Summit X460-G2-24t-10GE4. 24 ports of copper 1Gb and 4 ports of 10GE SPF+ and additional stacking ports on the back. For the edge switches for things like the access points, IP phones and desktops, I was looking at the Extreme Summit X450-G2-48P-10GE4 or the Extreme Summit X450-G2-48P-GE4.

Dashrender

wow, $3800/ea for the TOR switches...

wrx7m

Yeah, that is kind of why I was asking. Is this enough to warrant the consideration of something designed to be a core?

wrx7m

@Dashrender Don't forget to add the PSU(s)

wrx7m

I suppose that I could always get the TOR and Edge switches first and see how well it works and if I need to get better throughput from the LAN to the WIFI and vice versa, then I could add the "core" switch into the mix. Anyone have thoughts on this?

Dashrender

Not that it means anything - but I've never heard of Extreme Summit.

Any reason not to find a solution that has six 10 Gbe ports on a single switch?

scottalanmiller

@Dashrender said:

Not that it means anything - but I've never heard of Extreme Summit.

Not SMB gear. It's good stuff. Way better than Cisco.