#Ciscolive

#CiscoLive
123 - Enterprise Campus

Wired Design Fundamentals
Back to Basics
DC WAN ISP
Edge
Core
Scott Hodgdon
Technical Marketing Engineer Technical Leader Distribution
BRKENS-1501
Access
Slides by Shawn Wargo, Principal TME MDF 1
#CiscoLive
Who is Scott ?
Personal
• Based in Raleigh, NC (US)
• 21-year-old daughter in university
Career
• 21+ years as a Technical Marketing Engineer
• 13 Years focused on just Catalyst 6K Family
• 15 years as a Cisco Live Speaker
• 10 years as Cisco Live Session Group Manager for US and EMEA
• 2 Years as a Cisco Partner SE
• 2 Years Lead Network Engineer for 15-site Health Care network
in North Carolina
• No formal technology schooling … I have a Business Degree with
a Finance Concentration
Current Focus
• Cisco SD-Access Enablement and Design since 2016
#CiscoLive BRKENS-1501 © 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Session
Agenda Abstract
The goal is to return to the basic principles (vs. deep-dive)

of Enterprise Campus "Wired" Design (what and why?)
This session is focused primarily on Cisco Catalyst products:
• The basic characteristics of 1/2/3 and 4-tier Campus network layers (Access, Distro, Core and Edge)
• When to collapse network layers, or to add another layer (based on scale and throughput requirements)
• The basic forwarding and convergence characteristics of L2 and L3 (and Equal Cost Multi-Path [ECMP])
• vs. Cluster-based design with StackWise (Stacking) and StackWise Virtual (SVL)
• vs. Fabric-based design with Ethernet VPN (EVPN) or Software Defined-Access (SDA)
• Briefly review some Campus Wireless and Security characteristics (influences Campus Wired design)
What this session is NOT
Agenda
This session is NOT intended as a Deep-Dive or CVD!

The goal is to understand basic reasons and rationale for each Campus design ☺
Please also attend or review BRKCRS-1500

• Introduction to Campus Wired LAN Deployment Using Cisco Validated Designs - BRKCRS-1500
• www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKCRS-1500.pdf
Other Related Sessions:

• SD-Access Campus Wired and Wireless Network Deployment Using Cisco Validated Designs - DGTL-BRKCRS-1501
• Enterprise Campus Design: Multilayer Architectures and Design Principles - BRKCRS-2031
• Building for the Campus of the Future - BRKENS-2599
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html
Cisco Webex App
Questions?
Use Cisco Webex App to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install the Webex App or go directly to the Webex space Enter your personal notes here
4 Enter messages/questions in the Webex space
Webex spaces will be moderated https://ciscolive.ciscoevents.com/ciscolivebot/#BRKENS-1501
by the speaker until June 17, 2022.
1. What is a Campus Network?
1
2. 1-2-3 or 4+ Tier Design
2
3. ECMP
3 vs. StackWise
Agenda
4. MPLS
4 vs. EVPN vs. SD-Access
5. Wireless and Security Notes
5
6
6. Summary and References
Campus Baseline
Campus Networks
DC ISP
What is “Campus”?
WAN
• Edge
• Place in Network (PIN) Core
• Multi-Layer Model Distribution
• Chassis Types
Access
Campus Cabling
MDF 1
• PIN Features
1 2 3 4 5 6
BRKENS-1501 © 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
What is a “Campus”?
The basic Merriam-Webster definition of a Campus is:
A group of one or more buildings, and surrounding grounds,
where people and their belongings work together.
Common examples are Hospitals and Research Centers,
Schools and Universities and Corporations and Offices.
Using this - it’s clear a Campus Network is focused on:
• People (Users, Vendors, etc.)
• People's devices (PCs, Phones, Printers, etc.)
• Similar geographic area (LAN, WLAN or MAN, etc.)
• Access to other domains (WAN, ISP, DC and Cloud, etc.)
This includes many different network technology areas
(Wired, Wireless, Security, QoS, Management, etc.) with
a common focus on providing users and devices
“access”.
Campus is focused on User Access
www.cisco.com/c/en/us/solutions/cisco-on-cisco/enterprise-networks.html
Campus = Geography
Buildings are spread out. Multiple floors per building
Campus Networks
Building MDF/IDF and Wiring Closets
MDF = Main Distribution Framework (Core)

IDF = Intermediate Distribution Framework (Distro/Access)
www.cisco.com/c/en/us/solutions/design-zone/networking-design-guides/campus-wired-wireless.html
Campus ≠ Data-Center
One or few large buildings nearby. Usually a single floor.
www.cisco.com/c/en/us/solutions/cisco-on-cisco/enterprise-networks.html
Campus Networks - Real Life
Campus PINs and Topology
BGP, MPLS
BGP, EVPN
BGP, IGP
Core
CoreInterconnect
Interconnect
Core
Core++Edge
Edge
OSPF, EIGRP, ISIS

Campus
CampusCore
Core
Collapsed
CollapsedCore
Core Campus
CampusDistribution
Distribution
STP STP
Campus
CampusAccess
Access
STP, REP STP, REP

Extended
ExtendedAccess
Access
IOT
IOT/ /FTTX
FTTX
Campus Multi-Layer Model
• Few MAN or WAN Uplinks
• Internal and External Autonomous Systems
CORE +
• Medium - Large IPv4 / IPv6 Routing Tables

• Layer 3 Security, QoS and Flexible NetFlow
• Virtualization: SVL, MPLS/VPLS, EVPN, SDA, etc.
Catalyst 9600 Catalyst 9500 Catalyst 9400 • Few Medium to High-Speed LAN Downlinks
DISTRIBUTION
• Few Medium - High Speed LAN Uplinks

• Medium IPv4 / IPv6 Routing Tables
• Medium MAC Tables and ARP / ND Tables
• L2 and L3 Security, QoS and Flexible NetFlow
• Virtualization: SVL, STP / REP, VLAN, SDA, etc.
Catalyst 9600 Catalyst 9500 Catalyst 9400 • Many Small to Medium Speed LAN Downlinks
• Few Small - Medium Speed LAN Uplinks

Small – Medium MAC Tables
ACCESS
•
• Power Over Ethernet, Integrated Wireless, etc.
• L2 Security, QoS and Flexible NetFlow
• Virtualization: Stack, VLAN, STP / REP, SDA etc.
Catalyst 9400 Catalyst 9300 Catalyst 9200 • Many Small - Medium Speed LAN Switch Ports
Always 3 “Logical” Layers If you collapse layers -

your multi-layer device
• Each layer serves a specific set of functions needs to support
all “logical” functions
• Each layer has a specific set of requirements
Modular vs. Fixed Platforms
Catalyst
9400
Modular Fixed
PROs CONs PROs CONs
• More Flexible • More Complex • Less Complex • Less Flexible
• Longer Life-Cycle • BW limit by Chassis • Swap Chassis for BW • Shorter Life-Cycle
• Higher Port Density • Slow(er) Dev and Test • Faster Dev and Test • Lower Port Density
• More Power/Cooling • Lower MTBF • Higher MTBF • Less Power/Cooling
• Redundant Processors • Higher COGs • Lower COGs • Single Processor
Copper vs. Fiber Media www.cisco.com/c/en/us/products/interfaces-modules/transceiver-modules/
Category 5, 6 and 7 OM3, OM4 and OM5

Single-Mode (SMF) Wave-Division
Unshielded (UTP) Shielded (STP) Multi-Mode (MMF) Multiplex (WDM)
RJ45 (Access to Endpoints) SFP (Access and Distribution) QSFP (Core and Edge)
Cat6A Cat5E SFP-LC mSFP MPO12 MPO24

(Offset Wires) (Flush Wires) LC Duplex Mini LC Duplex 12 Fibers 24 Fibers
Short Distance – Cheap

Category Frequency Distance Data Rate Shielding
5E 100-350 MHz 100m 1000 Mbps UTP or STP
1G – 100m 1 Gbps
6 250-550 MHz
10G - 50m 10 Gbps
UTP or STP
6A 500-550 MHz 100m 10 Gbps UTP or STP

7 600 MHz 100m 10 Gbps Shielded only
NEW NEW NEW

10M 100M 1G 2.5G 5G 10G 100M 1G 10G 25G 40G 50G 100G 200G 400G
www.cisco.com/c/en/us/products/collateral/switches/catalyst-9000/nb-06-cat9000-panduit-cables-wp-cte-en.html
Campus Networks
L2/L3 Unicast Technologies
IPv4 Unicast IPv6 Unicast

Data
Internet Branch
Center
• MP-BGP, VPNv4 • MP-BGP, VPNv6

• Internet (v4), NAT, PBR • Internet2 (v6), NAT64, PBR
• MPLS-VPN, VRF-Lite
Core • MPLS-VPN, VRF-Lite
Core
• IPv4 SSO, NSF/NSR, GIR • IPv6 SSO, NSF/NSR, GIR
• EIGRP, OSPFv2, ISIS, RIP • EIGRPv6, OSPFv3, ISISv6, RIPng

• SVI, HSRP/VRRP L3 • SVI, HSRPv6/VRRPv6
L3
• ARP, DHCP Relay • NDP, DHCPv6 Relay
• IPDT/SISF, DAI
Distribution • SISF (v4/v6), RA Guard
Distribution
• BFD, Echo L2 L2 • BFDv6, Echo
• IPv4 SSO, NSF/NSR, GIR • IPv6 SSO, NSF/NSR, GIR
• PVST, MST, REP/RENN • PVST, MST, REP/RENN

• 802.1Q, DTP • 802.1Q, DTP
• VLANs, VTP • VLANs, VTP
• DHCP Snooping
Access • DHCPv6 Snooping
Access
• MAC Leaning • MAC Leaning
• L2 SSO • L2 SSO
Campus Networks
L2/L3 Multicast Technologies
IPv4 Multicast IPv6 Multicast

Data
Internet Branch
Center
• PIM-SM, SSM and Bidir
• PIM-SM and SSM
• AutoRP, BSR RP, MSDP
• IPv6 BSR RP
• MVPN, Multicast VRF-Lite Core • IPv6 embedded RP
Core
• Multicast load splitting
• IPv6 multicast HA
• IPv4 multicast HA
• Dual-stack IPv4 / IPv6 • Dual-stack IPv4 / IPv6

• PIM-SM, SSM and Bidir L3 L3 • PIM-SM and SSM
• IGMPv2,v3 snooping • MLDv1,v2 snooping
• Stub multicast routing Distribution • HW register and RPF Distribution
• PIM BFD L2 L2 • HSRP-aware PIM
• IPv4 multicast HA • IPv6 multicast HA
• IGMP v1,v2,v3 snooping • MLD v1,v2 snooping

• IPv4 multicast QoS and ACL Access • IPv6 multicast QoS and ACL Access
• IGMP v1,v2 filtering • MLD v1,v2 filtering
Cisco Catalyst 9000 Switching Portfolio June 2022
One Family from Access to Core – Common Hardware and Software
Catalyst
9600X
Catalyst
9500X
Catalyst
Catalyst 9400X Catalyst
9300X
9000 Catalyst
9600 Series
Catalyst Switching Catalyst
9500 Series
9200CX Catalyst
Compact Catalyst
9400 Series Platform
Catalyst 9300 Series
9200 Series
Cisco Open
ASIC IOS XE
Catalyst Catalyst Catalyst Catalyst Catalyst Catalyst

2960-X/XR 3650/3850 4500-E Series 3850-XS/4500-X 6840-X/6880-X 6500-E/6807-XL
Access Switching Core Switching
Campus Baseline
Core and Edge
• Campus Core (Baseline)

• Campus Core Interconnect
• Campus Core + WAN Edge
1 2 3 4 5 6
Campus Core (Baseline)
The Core PIN (Tier 3) focuses on connecting
DC ISP
multiple Distribution layers to an Interconnect WAN
(if applicable) and/or other network domains

BGP
• Other names: MDF, BDF
• Common in Medium and Large Campus Core
Main goal is a simple, high-bandwidth, L3

transport between other network layers
OSPF,
Tends to be L3 routed (north and south) Distribution IS-IS or
EIGRP L3
• North: BGP or IGP (ABR), PIM + MSDP
• South: OSPF, IS-IS or EIGRP, PIM PVST L2
or
MST
Tends to use minimal L3 Features Access
• Limited ACLs (e.g. inter-area route-maps, remote access)
MDF 1
• Limited QoS (e.g. many-to-one WRED, aggregate policers)
• Limited NetFlow (e.g. inter-area, aggregate flows)
Tends to require high L3 forwarding scale
Campus Core Interconnect
10/25/40G
The Interconnect PIN (Tier 4) is an extension of the 100/400G
Core, used to connect multiple Core layers (areas) ISP WAN

and/or other network domains.
• Other names: Backbone, Super Core, MAN, DCI DC 1 BGP BGP DC 2
• Common in Large and Very-Large Campus
• Main goal is to distribute the bandwidth and

density requirements of multiple Core layers BGP BGP
• Similar attributes and requirements as Core PIN

Interconnect
• Tends to be L3 routed (north and south)
• North: BGP or IGP (ABR/ASBR), PIM + MSDP
• South: OSPF, IS-IS or EIGRP, PIM OSPF,
IS-IS or
• Tends to use minimal L3 Features EIGRP
Core
• Limited ACLs (e.g. inter-area route-maps, remote access)
• Limited QoS (e.g. many-to-one WRED, aggregate policers)

L3
Distro
• Limited NetFlow (e.g. inter-area, aggregate flows)
Access L2
• Tends to require higher L3 scale
Campus Core + (SP/WAN) Edge
10/25/40G
The Core-Edge PIN (Tier 4) focuses on connecting 100/400G
multiple Campus areas to SP/WAN (remote domains) ISP WAN
and/or to the Internet.
MP-BGP + MP-BGP +
• Other names: Edge Device, Internet Edge DC 1 L2/L3VPN L2/L3VPN DC 2
• Common in Medium to Very-Large Campus
Main purpose is to collapse Core and Edge layers

Tends to be L3 routed (north and south)
MP-BGP + MP-BGP +
• North: MP-BGP + Inter-AS, NAT/PAT, PIM + MSDP L2/L3VPN L2/L3VPN
• South: BGP or IGP (ABR/ASBR), PIM + MSDP Edge
Tends to use Virtualization and Tunnels

• VRF-Lite, MPLS/VPLS, SR, MVPN
OSPFv3,
• GRE/MGRE, IPSec, DMVPN EIGRP-VRF
• QinQ, L2oMGRE, OTV, EVPN
Core
Tends to use multiple L3/VRF Features
• Edge Security ACLs (e.g. RACL, CBAC, ZBFW) L3
Distro
• Hierarchical QoS (e.g. Class-based Queuing, Shaping)
• Policy Based Routing (e.g. WAAS and WCCP) Access L2
• WAN NetFlow (e.g. L3/VRF FNF, WAN ETA)
Tends to require highest L3/VRF + Feature scale
Campus Baseline
Distribution
• Campus Distribution
• Collapsed Core
1 2 3 4 5 6
Campus Distribution
The Distribution PIN (Tier 2) focuses on connecting
multiple Access layers and the Core layer. DC WAN ISP
• Other names: Collapsed Core, Aggregation, IDF

BGP
• Common in Small to Large Campus
Main purpose is to “distribute” connectivity (fan-out) Core

from the Core/WAN to the Access
• Reduces need for high port-density in Core layer
• Also applicable to L3 Routed Access
OSPF,
Distribution IS-IS or
Tends to be both L3 routed (north) EIGRP L3
and L2 switched (south)
PVST L2
• North: SVI, HSRP/VRRP, ARP/ND, IGP, PIM or
MST
• South: VLAN, 802.1Q, STP, MAC, IGMP
Access
Tends to use multiple L2 and L3 Features MDF 1
• Access Security (e.g. IPDT/SISF, VACLs, PACLs, etc)
• Access QoS (e.g. NBAR, Classification and Marking)
• Access NetFlow (e.g. AVC, FNF, EPA and ETA)
Tends to require med-high L2/L3 + Feature scale
Campus Collapsed Core
The Collapsed Core (Tier 2) focuses on connecting
multiple Access layers and the WAN/Edge layer. DC WAN ISP
• Other names : Distribution, BDF

BGP
• Common in Small Campus or Medium Branch
Main purpose is to collapse Core and Distribution layers Edge
• Mostly for small(er) sites, with low(er) port density

• Similar attributes and requirements as Core + Distribution
• Also applicable to L3 Routed Access
OSPF,
Coll. Core IS-IS or
Tends to be both L3 routed (north) EIGRP L3
and L2 switched (south)

PVST L2
• North: SVI, HSRP/VRRP, ARP/ND, IGP, PIM or
MST
• South: VLAN, 802.1Q, STP, MAC, IGMP
Access
Tends to use multiple L2 and L3 Features MDF 1
• Access Security (e.g. IPDT/SISF, VACLs, PACLs, etc)

• Access QoS (e.g. NBAR, Classification and Marking)
Tends to require high L2/L3 + Feature scale
Campus Baseline
Core and Edge
• Campus Access
• Routed Access
• Extended Access
(for IOT and FTTX)
1 2 3 4 5 6
Campus Access
The Access PIN (Tier 1) focuses on connecting
DC ISP
Users and Devices, and an Extended Access WAN
(if applicable) to the Distribution layer

BGP
• Other names: IDF, Wiring Closet
• Common in all Campus and Branch networks Core
Main purpose is to connect users to network

Tends to be L2 switched (north and south)
OSPF,
• North: VLAN, 802.1Q, STP, MAC, IGMP Snooping Distribution IS-IS or
EIGRP L3
• South: AAA, STP, Portfast, Storm-Control
PVST L2
Tends to use multiple L2 Features and Services or
MST
• Access Security (e.g. 802.1x, VACLs, PACLs, etc) Access
• Access QoS (e.g. L2 CoS, Classification and Marking)
MDF 1
Tends to require low-med L2 + Feature scale
Extended Access (IOT / FTTX)
The Extended Access PIN (Tier 1) is an
DC ISP
extension of the Access, to connect multiple WAN
Access layers (areas) to the Distribution layer BGP

• Other names: Building Access, IOT, FTTX
• Common in Very-Large Campus or Large Branch Core
Main goal is to extend the size and scale

of the Access layer and connect more hosts
OSPF,
Tends to be L2 switched (north and south) Distribution IS-IS or
EIGRP L3
• North: VLAN, 802.1Q, STP/REP, MAC, IGMP Snooping
• South: AAA, STP/REP, Portfast, Storm-Control PVST L2
or
MST
Tends to use multiple L2 Features and Services Access
• Access Security (e.g. 802.1x, VACLs, PACLs, etc) MDF 1
• Access QoS (e.g. L2 CoS, Classification and Marking)

IOT
Tends to require med-high L2 + Feature scale REP REP
Campus Baseline
Campus Architecture
DC WAN ISP
Edge
Core
• Equal Cost Multi-Path Distribution
• Virtual Switches (StackWise)

Access
MDF 1
1 2 3 4 5 6
Campus Architectures
Control-Plane and Data-Plane Redundancy
1 2 3
ECMP (L2/L3 Paths) EtherChannel (L2/L3 LAG) StackWise (L2/L3 MEC)
• Complex Topology • Complex Topology • Simple Topology

• More Nodes, Fewer Cables • Same Nodes, More Cables (2-8) • Same Cables, Fewer Nodes
• More Neighbors (+ Tuning) • Same Neighbors (+ Tuning) • Less Neighbors (No Tuning)
• Protocol Load-Balancing (ECMP) • EtherChannel Load-Balancing • Multi-chassis EtherChannel (MEC)
• Node-level Redundancy • Node and Link-level Redundancy • Layer-level Redundancy
L1 : Single Connections L1 : Multiple Connections L1 : Multiple Connections

L2: STP, MST, REP + ECMP (Port Cost) L2: STP, MST, REP + ECMP (Portchannel Cost) L2: L2 MEC (No STP or REP)
L3: FHRP, IGP, BGP + ECMP(Port Cost) L3: FHRP, IGP, BGP + ECMP (Portchannel Cost) L3: IGP, BGP + L3 MEC (No FHRP)
More Neighbors = Requires Protocol Tuning More Neighbors = Requires Protocol Tuning Fewer Neighbors = No Protocol Tuning
Campus + EtherChannel
Using EtherChannel focuses on combining
DC ISP
multiple physical links into a single logical link WAN
• Other names: Portchannel, Link-Aggregation (LAG)

BGP
• Common in Medium and Large Campus
Core
Main goal is to increase bandwidth, and provide
link-level redundancy between network layers
• Mostly for large(r) sites, with high(er) port density
• Similar attributes and requirements as existing PIN(s) OSPF,
Distribution IS-IS or
L3
Can be used for both L2 and L3 links (north and EIGRP
south) PVST L2
or
• North: BGP or IGP, PIM MST
• South: STP or REP, IGMP/MLD Access
MDF 1
Tends to require special L2/L3 Features
• Portchannel ACLs (e.g. L2/L3 RACL)
• Portchannel QoS (e.g. L2/L3 aggregate policers)
• Portchannel NetFlow (e.g. L2/L3 FNF)
Tends to require high L2/L3 forwarding scale

StackWise Virtual Core / Distribution
The StackWise Virtual (SVL) Core PIN focuses on
combining Core and/or Distribution into a single virtual DC WAN ISP
switch to connect to outside areas.

• Typically, the same layer as Distribution or Core (Tier 2-3)
BGP
• The same ‘physical’ topology as a multi-layer network
Core
Main goal is to simplify Distribution or Core layer
OSPF,
Same L2 and L3 protocols as Distribution or Core IS-IS or
• North: SVI, ARP/ND, IGP/BGP, PIM EIGRP
L3L3
MEC
• South: VLAN, 802.1Q, MAC, IGMP (No STP) Distribution
Distributio MEC L3
n
Leverages Stateful Switchover (SSO) L2
• Active/Standby Control-Plane (synchronized)
L2 MEC
• Works with NSF/NSR for L3 protocols
Access L2 MEC
Leverages Multi-chassis EtherChannel (MEC)

• Active/Active Data-Plane (both switches forwarding)
• L2 and L3 Portchannel (neighbor sees single neighbor)
Same L2 and L3 features as Distribution or Core

Tends to require med-high L2, L3 and Feature scale
StackWise Access
The StackWise Access PIN focuses on combining
multiple Access switches into a single virtual switch DC WAN ISP
to increase access-layer port density.

• Typically, the same layer as Access (Tier 1)
BGP
• The same ‘physical’ topology as a multi-layer network
Core
Main goal is to expand port density of Access layer
OSPF,
Same L2 protocols as Access IS-IS or
EIGRP
• North: VLAN, 802.1Q, STP, MAC, IGMP Snooping
L3 MEC
• South: AAA, STP, Portfast, Storm-Control Distribution
L3
Leverages Stateful Switchover (SSO) L2

• Active/Standby Control-Plane (synchronized)
• Works with NSF/NSR for L3 protocols
Access L2 MEC
Leverages Multi-chassis EtherChannel (MEC) MDF 1 MDF 1
• Active/Active Data-Plane (both switches forwarding)

• L2 Portchannel (neighbor sees single neighbor)
Same L2 L3 features as Access

Tends to require med-high L2 + Feature scale
Campus Baseline
Campus Solutions
DC WAN ISP
Edge
Core
• MPLS/VPLS (L2/L3VPN)
BGP-EVPN (L2/L3VNI)
Distribution
• SD-Access (L2/L3VNI + SGT) Access

MDF 1
1 2 3 4 5 6
Campus Solutions and Designs
Providing additional services (beyond basic PINs)
1 2 3
SDA (L2/L3VNI + SGT) EVPN (L2/L3VNI) MPLS (L2/L3VPN)
• L3 Underlay + L2/L3 VNI Overlay • L3 Underlay + L2/L3 VNI Overlay • L3 Underlay + L2/L3 VPN Overlay
• Scalable Group Tagging • Virtual Network Instances • Virtual Private Networks
• L2/L3 VNI + SGT Segments • L2/L3 VNI-based Segments • L3 VRF-based Segmentation
• LAN Services + Group-Based Policy • Common WAN/LAN Services • WAN/Edge + VPN Services
LISP, VXLAN, MP-BGP, VRF-Lite MP-BGP, VXLAN, VRF-Lite MP-BGP, PIC, LDP, MPLS/VPLS, SR
LISP HER, Native, L2 BUM L2 TRM, L3 TRM, L2 BUM MVPN, LSM, Extranet, MSR
SSO, NSF/NSR, ECMP, GIR SSO, NSF/NSR, ECMP, GIR SSO, NSF/NSR, ECMP, GIR
Fabric-FNF, App QoS, SGACL Fabric-FNF, Uniform QoS, IPACL/OGACL VPN-FNF, Uniform/Pipe QoS, PBR, IPACL
EVPN Border and Spine
The EVPN Border and Spine PIN focuses on
connecting an EVPN Fabric and/or other network
domains.
DC WAN ISP
• Typically, the same layer as Core or Edge (Tier 3-4)
Main goal is to connect EVPN to other networks BGP
Uses a L3 Underlay + L3 Hand-off B|S B|S

Core
• North (outside): L3 MP-BGP + Inter-AS, PIM + MSDP
• South (inside): L3 IGP, PIM + MSDP
Uses a Virtualized L2/L3 Overlay

• Control-Plane: BGP-EVPN (RR), TRM
Overlay:
• Data-Plane: VXLAN Distribution
BGP-EVPN +
• Policy-Plane: L2/L3 VNID VXLAN
Tends to use Overlay-aware Features Underlay:

IGP
• IP/OG ACLs (e.g. destined Outside)
• Uniform QoS (e.g. copy Inner, queue Outer) Access
• Inter-VRF Routing (e.g. VRF-Lite, Leaking) L L L L L L
• Fabric NetFlow (e.g. VRF/VNID in FNF)
Tends to require multiple encapsulation(s)

Tends to require high L2/L3 + Feature scale
EVPN Leaf
The EVPN Leaf PIN focuses on connecting Wired
endpoints to an EVPN Fabric domain.
• Typically, the same layer as Access or Extended (Tier 1) DC WAN ISP
Main goal is to connect Endpoints to EVPN network

BGP
Uses a L3 Underlay + L2 Hand-off B|S B|S
• North (inside): L3 IGP, PIM + MSDP Core
• South (outside): L2 VLAN (L3 SVI), STP, IGMP

• Control-Plane: BGP-EVPN, TRM
• Data-Plane: VXLAN Overlay:
Distribution
BGP-EVPN +
• Policy-Plane: L2/L3 VNI
VXLAN

IGP
• IP/OG ACLs (e.g. destined outside)
• Uniform QoS (e.g. copy inner, queue outer)
Access
• Inter-VRF Routing (e.g. VRF Leaking)
L L L L L L
• Fabric NetFlow (e.g. FNF + VNID)

SD-Access Border and CP
The SDA Border / CP PIN focuses on connecting an
SDA Fabric and/or other network domains.
• Typically, the same layer as Core or Core/Edge (Tier 3-4) DC WAN ISP
Main goal is to connect SDA to traditional networks

MP-BGP
Uses a L3 Underlay + L3 Hand-off B|C B|C
• North (outside): L3 MP-BGP + Inter-AS, PIM + MSDP Core
• South (inside): L3 IGP, PIM + MSDP

• Control-Plane: LISP (XTR, MS/MR), PIM
• Data-Plane: VXLAN-GPO Overlay:
Distribution
• Policy-Plane: L2/L3 VNI + SGT LISP +
VXLAN-GPO

• Security Group ACLs (e.g. destined outside) IGP
• Uniform Pipe QoS (e.g. copy inner, queue outer)

Access
• Inter-VRF Routing (e.g. VN Extranet, or VRF-Lite)
E E EMDF 1 E E E
• Fabric NetFlow (e.g. VRF/VNID + SGT FNF, NaaS/ETA)

Tends to require higher L3 and Feature scale
SD-Access Edge
The SDA Edge PIN focuses on connecting
Wired/Wireless endpoints to an SDA Fabric domain.
• Typically, the same layer as Access or Extended (Tier 1) DC WAN ISP
Main goal is to connect Endpoints to SDA network

BGP
Uses a L3 Underlay + L2 Hand-off B|C B|C
• North (inside): L3 IGP, PIM + MSDP Core
• South (outside): L2 VLAN (L3 SVI), STP, IGMP

• Control-Plane: LISP (XTR), PIM
• Data-Plane: VXLAN-GPO Overlay:
Distribution
LISP +
• Policy-Plane: VN + SGT
VXLAN-GPO

IGP
• Security Group ACLs (e.g. destined outside)
• Uniform Pipe QoS (e.g. copy inner, queue outer) Access
• Inter-VRF Routing (e.g. VN Extranet) E E EMDF 1 E E E
• Fabric NetFlow (e.g. FNF, NaaS)

Tends to require higher L3 and Feature scale
Campus Baseline
Wireless and Security
DC WAN ISP
Edge
Core
• Wireless LAN Distribution
• Firewalls and ACLs

Access
MDF 1
1 2 3 4 5 6
Wireless LAN
The Central Wireless PIN focuses on connecting
Wireless APs centrally to one or multiple WLCs.
• WLC is typically connected to Core, Edge or DC (Tier 3+)
Central Wireless
• APs are typically connected to Access (Tier 1) C9800-40/80 VLAN C9500X/9600X SVI
WLC Clusters VLAN SVI
Main goal is to connect Wireless Endpoints (via APs) VLAN Core Switches SVI
to a Wireless LAN (WLAN), centrally in the network
Uses a L2/L3 Underlay + L2 Hand-off

• North (to WLC): L2 VLAN + 802.1Q, L3 SVI, IGP
• South (to AP): L2 VLAN + 802.1Q, STP, IGMP CAPWAP
Uses a Tunneled L2 Overlay VLAN VLAN VLAN
• Control-Plane: CAPWAP, DTLS, LWAPP

• Data-Plane: CAPWAP, DTLS
Tends to require L2 (WLAN) Features

• L2 ACLs (e.g. VACL, MAC ACL)
C9130 WIFI6/6E C9300X/9400X
• L2 QoS (e.g. VLAN QoS)
Access Points Access Switches
• L2 NetFlow (e.g. FNF, AVC, EPA and ETA)
Tends to require higher L2 + Feature scale
Firewalls and ACLs
The Firewall (DMZ) PIN focuses on controlling access
into or out of different network areas.
• Typically connected to Core, Edge or DC (Tier 3+)
Firewalls (DMZ)
• Complex designs may use Distro or Access (Tier 1-2)
Main goal is to prevent unauthorized access to different

network domains (segments).
• Evolved from “Edge” Access-Control Lists (ACLs)
• Can be either L2, L3 or VRF-aware
• Tends to focus on L4-L7 flows (with or w/o DPI)
Uses a L2 or L3/VRF + ACLs

• North (outside): L2 802.1Q, L3 (SVI, Sub-Ints), IGP, BGP
• South (inside): L2 802.1Q, L3 (SVI, Sub-Ints), IGP, BGP
Tends to use L2 and L3/VRF + DPI and ACL Features

• L4/App ACLs (e.g. VACL, MAC ACL)
• L4/App QoS (e.g. VLAN QoS)
• L4/App NetFlow (e.g. FNF, AVC, EPA and ETA)
De-Militarized Zone (DMZ)
Campus Baseline
Conclusion
DC WAN ISP
Edge
Core
• Know the Campus PINs

Other References
Distribution
• Keep Learning!!! ☺ Access

MDF 1
1 2 3 4 5 6
Campus PINs and Topology
BGP, MPLS
BGP, EVPN
BGP, IGP
Core
CoreInterconnect
Interconnect
Core
Core++Edge
Edge
OSPF, EIGRP, ISIS

Campus
CampusCore
Core
Collapsed
CollapsedCore
Core Campus
CampusDistribution
Distribution
STP STP
Campus
CampusAccess
Access
STP, REP STP, REP

Extended
ExtendedAccess
Access
IOT
IOT/ /FTTX
FTTX
References – Multi-Layer Campus
Type Sub-Type References
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html
www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html
General Multi-Layer www.ccexpert.us/network-design-2/designing-a-campus-network-design-topology.html
networkdirection.net/articles/network-theory/hierarchicalnetworkmodel
www.geeksforgeeks.org/types-of-area-networks-lan-man-and-wan/
www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/IE_DG.html
Edge www.ccexpert.us/network-design/enterprise-edge-modules.html
what-when-how.com/ipv6-for-enterprise-networks/enterprise-edge-network-design-ipv6/
www.geeksforgeeks.org/difference-between-lan-and-man
Core Interconnect www.ti.com/solution/intra-dc-interconnect-metro

en.wikipedia.org/wiki/Backbone_network
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#Corelayer
www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html#wp1107724
Baseline www.ccexpert.us/network-design/campus-core-design-considerations.html
en.wikipedia.org/wiki/Hierarchical_internetworking_model#Core_layer
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#Twotierdesign
www.econfigs.com/ccna-1-5-compare-and-contrast-collapsed-core-and-three-tier-architectures
Collapsed Core interestingtraffic.nl/2018/06/08/collapsed_core_design
Distribution oreilly.com/library/view/ccna-data-center/9780133860429/ch01lev3sec4.html
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#Distributionlayer
Baseline www.ccexpert.us/network-design/building-distribution-layer-design-considerations.html
en.wikipedia.org/wiki/Hierarchical_internetworking_model#Distribution_layer
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#Accesslayer
Baseline www.ccexpert.us/network-design/building-access-layer-design-considerations.html
en.wikipedia.org/wiki/Hierarchical_internetworking_model#Access_layer
Access Routed Access
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#Layer3routedaccesscampusdesign
www.cisco.com/c/en/us/td/docs/solutions/Verticals/CCI/CCI/DG/cci-dg/cci-dg.html#99480
Extended/IOT www.geeksforgeeks.org/5-layer-architecture-of-internet-of-things/
References – ECMP and StackWise(Virtual)
www.cisco.com/c/en/us/solutions/hybrid-work/what-is-high-availability.html#~infrastructure-elements
General Redundancy www.ccexpert.us/network-design/designing-link-redundancy.html
www.geeksforgeeks.org/redundant-link-problems-in-computer-network/
www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5212-46.html
ECMP www.ccexpert.us/routing-protocols/equalcost-load-balancing.html
en.wikipedia.org/wiki/Equal-cost_multi-path_routing
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#EtherChannel
Core EtherChannel en.wikipedia.org/wiki/Link_aggregation#Network_backbone
en.wikipedia.org/wiki/Multi-chassis_link_aggregation_group
www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKCRS-2650.pdf
SVL www.cisco.com/c/en/us/products/collateral/switches/catalyst-9000/nb-06-cat-9k-stack-wp-cte-en.html
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#StackWiseVirtualTechnology
www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5212-46.html
ECMP www.ccexpert.us/routing-protocols/equalcost-load-balancing.html
en.wikipedia.org/wiki/Equal-cost_multi-path_routing
Distribution EtherChannel en.wikipedia.org/wiki/Link_aggregation
en.wikipedia.org/wiki/Multi-chassis_link_aggregation_group
SVL www.cisco.com/c/en/us/products/collateral/switches/catalyst-9000/nb-06-cat-9k-stack-wp-cte-en.html
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#StackWiseVirtualTechnology
www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10555-15.html
ECMP en.wikipedia.org/wiki/Spanning_Tree_Protocol#Path_to_the_root_bridge
en.wikipedia.org/wiki/Flex_links
Access EtherChannel en.wikipedia.org/wiki/EtherChannel
www.cisco.com/c/en/us/products/collateral/switches/catalyst-9300-series-switches/white-paper-c11-741468.html
Stacking www.cisco.com/c/en/us/products/collateral/switches/catalyst-9200-series-switches/nb-06-stackwise-architecture-cte-en.html
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#SwitchStacksandCiscoStackWiseTechnology
References – SD-Access, EVPN and MPLS
www.cisco.com/c/en/us/solutions/intent-based-networking.html
General SDN/IBN www.networkworld.com/article/3281447/a-new-era-of-campus-network-design.html
www.geeksforgeeks.org/difference-between-software-defined-network-and-traditional-network/
www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKCRS-2810.pdf#page=27
SDA www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#BorderNode
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#ControlPlaneNode
www.ciscolive.com/c/dam/r/ciscolive/us/docs/2021/pdf/BRKENS-2003.pdf#page=12
Core EVPN www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-

7/configuration_guide/vxlan/b_177_bgp_evpn_vxlan_9500_cg/bgp_evpn_vxlan_overview.html#id_126799
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#AlternativevirtualizationdesignforcampusBGPEVPNVXLAN
www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKMPL-1100.pdf#page=48
MPLS www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKMPL-2112.pdf#page=42
www.geeksforgeeks.org/multi-protocol-label-switching-mpls/
SDA www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#IntermediateNode
Distribution EVPN www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-
MPLS www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKMPL-2112.pdf#page=42
www.geeksforgeeks.org/multi-protocol-label-switching-mpls/
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#EdgeNode
SDA www.cisco.com/c/dam/en/us/solutions/collateral/internet-of-things/nb-09-intent-based-iot-wp-cte-en.pdf
www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-campus-lan-wlan-design-guide.html#CiscoSoftwareDefinedAccesscampusdesign
Access EVPN
www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-
MPLS www.geeksforgeeks.org/multi-protocol-label-switching-mpls/
Keep Learning! cisco.com/go/cvd
Cisco Validated Design (CVD) cs.co/en-cvds
Technical Session Surveys
• Attendees who fill out a minimum of four
session surveys and the overall event
survey will get Cisco Live branded socks!
• Attendees will also earn 100 points

in the Cisco Live Game for every
survey completed.
• These points help you get on the

leaderboard and increase your chances
of winning daily and grand prizes.
Pay for Learning with
Cisco Learning Credits
Cisco Learning and Certifications (CLCs) are prepaid training
vouchers redeemed directly
From technology training and team development to Cisco certifications and learning with Cisco.
plans, let us help you empower your business and career. www.cisco.com/go/certs
Learn Train Certify

Cisco U. Cisco Training Bootcamps Cisco Certifications and
IT learning hub that guides teams Intensive team & individual automation Specialist Certifications
and learners toward their goals and technology training programs Award-winning certification
program empowers students
Cisco Digital Learning Cisco Learning Partner Program and IT Professionals to advance
Subscription-based product, technology, Authorized training partners supporting their technical careers
and certification training Cisco technology and career certifications
Cisco Guided Study Groups
Cisco Modeling Labs Cisco Instructor-led and 180-day certification prep program
Network simulation platform for design, Virtual Instructor-led training with learning and support
testing, and troubleshooting Accelerated curriculum of product,
technology, and certification courses Cisco Continuing
Cisco Learning Network Education Program
Resource community portal for Recertification training options
certifications and learning for Cisco certified individuals
Here at the event? Visit us at The Learning and Certifications lounge at the World of Solutions
• Visit the Cisco Showcase
for related demos
• Book your one-on-one

Meet the Engineer meeting
• Attend the interactive education

with DevNet, Capture the Flag,
Continue and Walk-in Labs
your education • Visit the On-Demand Library

for more sessions at
www.CiscoLive.com/on-demand
Thank you
#CiscoLive
#CiscoLive

#Ciscolive

Uploaded by

Copyright:

Available Formats

#Ciscolive

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

#Ciscolive

Uploaded by

Copyright:

Available Formats

#CiscoLive

123 - Enterprise Campus

The goal is to return to the basic principles (vs. deep-dive)

This session is NOT intended as a Deep-Dive or CVD!

Please also attend or review BRKCRS-1500

Other Related Sessions:

4 Enter messages/questions in the Webex space

Webex spaces will be moderated https://ciscolive.ciscoevents.com/ciscolivebot/#BRKENS-1501

by the speaker until June 17, 2022.

• Place in Network (PIN) Core

• Multi-Layer Model Distribution

MDF = Main Distribution Framework (Core)

OSPF, EIGRP, ISIS

STP, REP STP, REP

• Medium - Large IPv4 / IPv6 Routing Tables

• Few Medium - High Speed LAN Uplinks

• Few Small - Medium Speed LAN Uplinks

Always 3 “Logical” Layers If you collapse layers -

Category 5, 6 and 7 OM3, OM4 and OM5

Cat6A Cat5E SFP-LC mSFP MPO12 MPO24

Short Distance – Cheap

6A 500-550 MHz 100m 10 Gbps UTP or STP

NEW NEW NEW

IPv4 Unicast IPv6 Unicast

• MP-BGP, VPNv4 • MP-BGP, VPNv6

• EIGRP, OSPFv2, ISIS, RIP • EIGRPv6, OSPFv3, ISISv6, RIPng

• PVST, MST, REP/RENN • PVST, MST, REP/RENN

IPv4 Multicast IPv6 Multicast

• Dual-stack IPv4 / IPv6 • Dual-stack IPv4 / IPv6

• IGMP v1,v2,v3 snooping • MLD v1,v2 snooping

Catalyst Catalyst Catalyst Catalyst Catalyst Catalyst

Access Switching Core Switching

Core and Edge

• Campus Core (Baseline)

(if applicable) and/or other network domains

Main goal is a simple, high-bandwidth, L3

• Limited NetFlow (e.g. inter-area, aggregate flows)

Tends to require high L3 forwarding scale

Core, used to connect multiple Core layers (areas) ISP WAN

• Main goal is to distribute the bandwidth and

• Similar attributes and requirements as Core PIN

• Limited QoS (e.g. many-to-one WRED, aggregate policers)

• Tends to require higher L3 scale

Main purpose is to collapse Core and Edge layers

Tends to use Virtualization and Tunnels

• WAN NetFlow (e.g. L3/VRF FNF, WAN ETA)

Tends to require highest L3/VRF + Feature scale

• Other names: Collapsed Core, Aggregation, IDF

Main purpose is to “distribute” connectivity (fan-out) Core

• Access NetFlow (e.g. AVC, FNF, EPA and ETA)

Tends to require med-high L2/L3 + Feature scale

• Other names : Distribution, BDF

Main purpose is to collapse Core and Distribution layers Edge

• Mostly for small(er) sites, with low(er) port density

and L2 switched (south)

• Access Security (e.g. IPDT/SISF, VACLs, PACLs, etc)

• Access NetFlow (e.g. AVC, FNF, EPA and ETA)

Tends to require high L2/L3 + Feature scale

Core and Edge