Technology & Integration Practice Newsletter
Volume 2 Issue 1, Page 4

WHAT THE HECK IS "LAYER-3 TO THE EDGE"?
By Jack Wagner

Layer-3 to the Edge goes by several names, all of which are correct. It can be referred to as “Routing at the Access Layer,” “Routing at the Edge,” “Layer-3 in the IDF,” or any of a myriad of combinations that mean the same thing. Basically, when you hear people talking about Layer-3 to the Edge, what they are discussing is taking the capabilities of a router all the way out to the user closet. Therefore, instead of Layer-2 Spanning Tree Protocol (STP) being involved, all traffic is delivered from the user closet to the core, and anywhere else it needs to go, entirely via routed links.

So what’s the big deal, my network runs fine now, right? Why would I want to get rid of Spanning Tree, it’s a good thing, right?

Well, yes and no. Spanning Tree is a good thing, because it keeps your network loop free by monitoring the connectivity at Layer-2 and ensuring that two paths never exist to the same location. When two paths exist, the traffic flowing to a destination may continuously be sent through each separate path causing a “loop.” This will likely cause network downtime until the loop can be cleared. Loops are a very big danger to organizational networks and for years Spanning Tree has done a fairly good job of keeping us safe from them.

What are the disadvantages of Spanning Tree?

It is tough to say that Spanning Tree has disadvantages; it may be more appropriate to state that it has inefficiencies. It is also, for the most part, still a technology that a lot of people have not really mastered yet.

Networks have gone through several evolutions throughout the years. When my organization was purchasing our first “switched” network in the 90s, the vendor was encouraging a completely flat physical network completely managed by Virtual Local Area Networks (VLANs). A VLAN is the method used to logically (or virtually) separate a large flat network into efficient, manageable chunks. With the setup recommended by our vendor, any user could pick up and move from any location to another anywhere on the campus and still be a member of the same VLAN while retaining the same IP address and privileges.

While this looked great on paper, the bad thing was that we immediately created a large number of VLANs and propagated the information for every single one of them throughout the entire organizational network. We were literally using a chunk of our available bandwidth to propagate all VLAN information everywhere, and the size of our network was making it very difficult for Spanning Tree to manage it all efficiently.

Fortunately, best practices have since been developed and implemented in many networks that provide good VLAN design and promote efficient VLAN creation and utilization throughout our networks. Regardless, even with the best practices of VLAN design, there are still a few disadvantages to Spanning Tree:

  1. Limited Redundancy – It provides redundancy with the ability to have multiple paths to destinations, but only one path can be active at a time. Yes, there are ways to rectify this manually, but it is still a manual operation and failover can be lengthy in network terms (several minutes).
  2. Poor Bandwidth Capabilities – Along the same lines as the Redundancy factor, Spanning Tree in itself ensures that any other paths with available bandwidth are blocking traffic and not available for use. There are technologies, such as EtherChannel and Fiberchannel, that can allow links to be bound together, but not without their own sets of disadvantages.
  3. No High Speed Failover Capability – Spanning Tree, and later Rapid Spanning Tree, was created to prevent extended periods of downtime due to network loops. It was not created to provide high speed failover (less than 1 second). In the world of Spanning Tree re-convergence, the fastest time that can be hoped for is 15 seconds, but most likely it will be in the 1 to 5 minute range.
  4. Administration Difficulty – As a network grows, it becomes increasingly difficult to keep Spanning Tree properly configured. Administration in this environment is broken into two sections:
    1. Spanning Tree Configuration - Timers must match on each network infrastructure device using Spanning Tree, and those timers may need to be adjusted to provide for the convergence time necessary for a larger network. Also, central switches will need to be manually configured as Spanning Tree Root switches to provide support for networks that span a large number of Layer-2 hops. In some cases, multiple instances of Spanning Tree may need to be created and maintained to support a largely dispersed local area network.
    2. Hot Standby Router Protocol (HSRP) – If this exists in your network for the purpose of redundancy, then its timers must be completely coordinated with Spanning Tree timers to prevent increased downtime during a failover situation. If there is an instance where HSRP must switch over to the standby router interface, which happens to be the switch with the redundant link that is currently blocked by STP, then there could be additional downtime of 50 seconds or more. Of course, there could be less depending on the version of Spanning Tree (i.e., Spanning Tree, Rapid Spanning Tree) in use.

Figure 1 shows a basic Layer-2 Network with built-in redundancy. Please notice how your redundant links are not being used at all.

Picture of Distribution Layer and Access Layer

The above diagram may seem to over-simplify the architecture by only displaying a piece of the total network. Take a look at Figure 2 and imagine what links will be blocking traffic in that situation. Ask yourself these questions:
  1. Where should my root switch be?
  2. How long will convergence take on this network in the event of a loop or failed link?
  3. Do I need to change timers to allow for the size of the network?
  4. Do I need to segment more with multiple instances of spanning tree?
  5. How and where is my HSRP configured?
Picture 2

All the above explanations bring us up to the subject of the article, which is Layer-3 to the Edge technology. Simply stated, this moves the overall functionality of your network from Layer-2 technology (Spanning Tree) to Layer-3 technology (Full Routing). Here are the advantages of a fully routed network:

  1. Redundancy – Multiple paths to all destinations are preferred by routing protocols. Routing will ensure that all available paths are forwarding traffic and being used according to their assigned costs and available bandwidth. When one path goes down, all traffic is automatically moved over to a path that is still active.
  2. Bandwidth – Taking this to the next step, the multiple active paths in routing also increase the bandwidth between destinations where multiple paths exist. For instance, two paths to a destination that have equal costs and bandwidth will be used equally. Whereas in Spanning Tree one of those links was blocked to prevent loops, in Routing both links would be used to double the bandwidth to the destination.
  3. High Availability – Another purpose of routing is high speed failover. Properly configured and efficient routing protocols such as Open Shortest Path First (OSPF) or Cisco’s Enhanced Interior Gateway Routing Protocol (EIGRP) can handle failover of a link that has gone down in about 200 milliseconds. That is a significant performance increase over the 45+ seconds required by Spanning Tree!
  4. Administration – Layer-3 (Routed) networks are much more scalable than Layer-2 (Spanning Tree) networks in that they are designed to connect and provide efficient traffic delivery throughout larger networks. Also, there is no more worry about Spanning Tree issues and HSRP configuration.

Figure 3 below shows us the same basic network seen earlier in Figure 1 after Routing is fully implemented and Spanning Tree is turned off.

Picture of Routed Model

In Figure 3, all links are now Layer-3 routable and Spanning Tree can be removed from all layers above (or below depending on your perspective) the access layer (i.e., core and distribution). This provides significant redundancy and improved failover times, and quarantines a Layer-2 re-convergence event to the user closet where it occurred. Also notice that HSRP is gone, very nice. Figure 4 shows a network example after migration to Layer-3.

Picture of Redundancy and extra bandwidth

Wow! Look at all the extra bandwidth and redundancy built into the network in Figure 4!

Okay, so now you are sold, right? What are the considerations for Layer-3 to the Edge?

  1. The first thing that may come to mind is budget. However, that might not be a significant factor if you are keeping up with the network infrastructure replacement schedule. Several of the switches that Cisco Systems currently recommends for the user closet have Layer-3 capabilities built into the standard model, with basic dynamic routing protocol functionality provided via Cisco’s proprietary EIGRP. That means no additional expense.
  2. The current Layer-2 VLAN architecture must be considered and potentially migrated to a more efficient design to enable immediate benefit from hardware that supports Layer-3 at the Edge. Efficient design considerations include, but are not limited to:
    1. Minimization of VLANs that traverse the entire infrastructure.
    2. Pruning unneeded VLANs from areas where they are not required.
    3. Each user closet should be assigned one or more VLANs, as necessary, which only exist in that respective closet.
  3. Internet Protocol (IP) addressing is a factor that must be considered when moving to a Layer-3 at the Edge design. To make routing as efficient as possible, it is critical to have a well laid out IP Network.

There are two main recommendations to investigate the feasibility of an easy move to a Layer-3 architecture:
  1. Network Assessment with special attention paid to the existing:
    1. Layer-2 VLAN architecture.
    2. Layer-3 design and IP address deployment.
    3. Capabilities of hardware currently in use.
    4. Internetwork Operating System (IOS) versions currently deployed on existing hardware and identification of possible incompatibilities.
    5. Existing client devices on the network that may prove to be difficult to migrate (i.e., resistant to IP address change, vendor-managed).
  2. End State Network Design that clearly indicates:
    1. VLAN modifications and migrations that must take place to effectively migrate to a Layer-3 network.
    2. The IP Addressing scheme needed to provide the most efficient use of the available addresses. This is used to provide for proper growth of the network while allowing adequate optimization techniques in the core (i.e., route summarization to keep the routing tables small).
    3. A detailed Bill of Materials stating any hardware that needs to be purchased for the success of the design.
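
The addressing exercise in the end state design can be checked with a short script. The following is an added example, not part of the original article: it carves a campus range into one aligned summary per distribution block with one subnet per user closet, then compares how many routes the core would carry against a scattered legacy layout. The 10.10.0.0/16 range, the block names and the legacy subnets are constructed for illustration.

```python
import ipaddress

def plan_block_summaries(campus, block_names, closets_per_block, closet_prefix=24):
    """Give each distribution block one aligned summary prefix and each
    user closet one subnet inside it (one closet-local VLAN per subnet)."""
    campus_net = ipaddress.ip_network(campus)
    # Round the closet count up to a power of two so the block is a single prefix.
    block_prefix = closet_prefix - (closets_per_block - 1).bit_length()
    summaries = campus_net.subnets(new_prefix=block_prefix)  # ValueError if campus too small
    plan = {}
    for name in block_names:
        try:
            summary = next(summaries)
        except StopIteration:
            raise ValueError("campus range too small for %d blocks" % len(block_names))
        closets = list(summary.subnets(new_prefix=closet_prefix))[:closets_per_block]
        plan[name] = {"summary": summary, "closets": closets}
    return plan

def core_routes(closets_by_block):
    """Fewest prefixes each block can advertise to the core while covering
    exactly its closet subnets (what route summarization can achieve)."""
    return {name: list(ipaddress.collapse_addresses(nets))
            for name, nets in closets_by_block.items()}

def route_count(routes):
    return sum(len(prefixes) for prefixes in routes.values())

# Constructed legacy deployment: closet subnets handed out with no hierarchy.
LEGACY = {
    "dist-a": [ipaddress.ip_network(n) for n in
               ("10.1.4.0/24", "10.9.0.0/24", "10.1.7.0/24", "172.16.3.0/24")],
}

if __name__ == "__main__":
    plan = plan_block_summaries("10.10.0.0/16", ["dist-a", "dist-b"], 8)
    planned = core_routes({b: p["closets"] for b, p in plan.items()})
    for block, prefixes in planned.items():
        print(block, "advertises", [str(p) for p in prefixes])
    print("planned core routes:", route_count(planned))             # 16 closets
    print("legacy core routes: ", route_count(core_routes(LEGACY)))  # 4 closets
```

In the planned layout each block's eight closet subnets collapse into a single /21, so the core table grows with the number of distribution blocks rather than the number of closets; the legacy layout cannot be summarized at all.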

To sum up:

  1. Layer-3 to the Edge is the act of moving from a Layer-2 technology (Spanning Tree) to a Layer-3 technology (Routing) at the user closet.
  2. While Spanning Tree does its job well, it does take longer than is acceptable in many network environments today, does not utilize redundant links very well, and has significant functions that must be consistently maintained.
  3. Migrating to Layer-3 at the Edge can significantly improve high speed failover and use of redundant links for increased bandwidth. It leaves greater flexibility for growth, and can potentially provide this all without additional hardware expense. However, there are considerations and expertise needed to properly migrate an existing network to Layer-3 at the Edge.
  4. Recommendations to evaluate the possibility of a smooth migration consist of a detailed network assessment and end state design.

I hope you have found this article informative. Feel free to contact me at jwagner@getvitalized.com for any additional questions or comments. You can also reach us at our Corporate Offices at 610-444-1233. You can find additional information on our website at www.getvitalized.com.