
Aggregation layer

7.2.3


The aggregation (sometimes also called distribution) layer is a real crossroad. Its primary goal is to increase network scalability by providing a single place to interconnect multiple access switches and the core layer. Without an aggregation point for these access-layer switches, interconnecting all of them in a full mesh of links would rapidly become impractical. The potential geographic distribution of access switches across many buildings in a larger campus would also require more fiber optics to interconnect if the aggregation layer was not there. An aggregation layer usually comprises a few blocks of two switches in MCLAG. By design, it therefore provides resiliency: it is always deployed in pairs of switches, and the recommendation is to deploy each switch only with dual hot-swappable power supplies and redundant fans to augment reliability.

The following figure shows an aggregation-layer building block.

Multiple blocks of pairs of aggregation switches extend the design of this key layer if there are more than 24 floors or buildings in the campus. This layer is also where data center services are provided. Although the purpose differs, it is common for dual-attached servers, storage, and other network-based services to connect at this level, or to have their own block of switches that connects to the high-speed core switches in the same manner, in the main intermediate distribution frame (IDF). This main IDF usually also houses the core block. Even if the layers are collocated there, it is important to recognize the role of each layer in this three-tier hierarchical model to ensure scale and reliability and to limit human errors and malicious attacks. This model allows the aggregation switches to easily accommodate thousands of devices passing through this layer while simplifying the design, maintenance, and operations.

The following figure shows the aggregation-layer design, including the data center building block.

Fortinet recommends that no access devices (including wireless access points, surveillance cameras, IP phones, or laptops) are connected to this layer.
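One way to check this recommendation against an LLDP neighbor inventory, as an added example that is not Fortinet code: it decodes the standard LLDP system-capabilities bitmap (IEEE 802.1AB) and flags neighbors on aggregation switches that look like access devices. The record layout, switch names, port names and the `allowed_ports` exception list (for documented data center server ports) are assumptions made for illustration.

```python
# LLDP "system capabilities" bit positions (IEEE 802.1AB).
CAP_BITS = {
    0: "other", 1: "repeater", 2: "bridge", 3: "wlan-ap", 4: "router",
    5: "telephone", 6: "docsis", 7: "station-only",
}
# Capabilities that mark a neighbor as an access device rather than a switch.
ACCESS_CAPS = {"wlan-ap", "telephone", "station-only"}
INFRA_CAPS = {"bridge", "router"}

def decode_caps(bitmap):
    """Return the set of capability names enabled in an LLDP bitmap."""
    return {name for bit, name in CAP_BITS.items() if bitmap & (1 << bit)}

def audit_aggregation_ports(neighbors, allowed_ports=frozenset()):
    """Flag neighbors on aggregation switches that look like access devices.

    neighbors: iterable of (switch, port, neighbor_name, enabled_caps_bitmap).
    allowed_ports: (switch, port) pairs documented as server/storage ports.
    """
    findings = []
    for switch, port, name, bitmap in neighbors:
        if (switch, port) in allowed_ports:
            continue
        caps = decode_caps(bitmap)
        access = caps & ACCESS_CAPS
        if access:
            reason = "advertises " + ",".join(sorted(access))
        elif not caps & INFRA_CAPS:
            # Cameras and laptops often advertise nothing at all.
            reason = "no bridge/router capability advertised"
        else:
            continue
        findings.append((switch, port, name, reason))
    return findings

# Constructed sample inventory (hypothetical names, not from the page).
SAMPLE = [
    ("agg-1", "port1", "access-sw-floor1", 0x0004),   # bridge
    ("agg-1", "port49", "core-1", 0x0014),            # bridge + router
    ("agg-1", "port7", "ap-lobby", 0x000C),           # bridge + wlan-ap
    ("agg-2", "port12", "phone-4411", 0x0024),        # bridge + telephone
    ("agg-2", "port13", "cam-dock", 0x0000),          # nothing advertised
    ("agg-2", "port14", "laptop-77", 0x0080),         # station-only
]

if __name__ == "__main__":
    for finding in audit_aggregation_ports(SAMPLE):
        print(*finding, sep="  ")
```

Ports without any LLDP neighbor do not appear in such an inventory, so an empty result only covers devices that speak LLDP.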

Aggregation layer platforms

The most appropriate FortiSwitch unit to form the aggregation layer has many 10/40-gigabit Ethernet ports facing the access layer and a few 100-GbE ports towards the core layer.

The following figure shows an FS-1048E aggregation-layer switch.

This is exactly what the FS-1048E provides: 48x GbE/10-GbE SFP+ ports and 6x40-GbE QSFP+ ports or 4x100-GbE QSFP28 ports, and 1760-Gbps switching capacity in a 1 RU rack-mounted form factor. A 24x10-GbE ports version also exists if fewer ports are required towards the access layer. Having 4x100-GbE ports allows two ports to go to the core switches and two ports to connect the aggregation-layer switches together in MCLAG (the ICL) at very high speed. Those links can still run at 40 Gbps or 25 Gbps, depending on the fiber/SFP combination used, if oversubscription during the transient failure of one uplink to the core is not an issue.
