7.2.3

Wired local area network basics

Switched LANs provide the basic access for network devices to communicate with each other and with resources locally adjacent (in the same room, same floor, same building, and same campus) without having to cross a wide area network (WAN) between sites. Interconnecting a group of LANs requires a network with full connectivity to the internal resources (such as the data center, phones, and printers) through a set of inter-switch links of different types. For scalability purposes, LANs are often segmented using virtual LANs, while, for security purposes, the traffic often has to be policed and filtered so that only previously authorized interactions between users and resources are allowed. Therefore, the vast majority of the traffic arriving at a switch port is sent to an uplink (trunk) to another switch, which forwards the traffic to another device through one of its uplinks (to another switch, a firewall, or a router, depending on the size of the network). The network could be a few floors in a building, a single building, or a group of buildings located near each other. A subnet becomes a set of users with similar roles, for example, users who work for the same department in a company.

This hierarchical physical design of a secure campus wired LAN is very common and involves two or three levels between the access switch and the core equipment, such as a firewall or a router. It allows the network to grow, minimizes the number of uplinks, provides the potential for reliability, and overcomes the 100-meter Ethernet link limits over copper by cascading the high-bandwidth fiber optic connections between switches.

This hierarchical design model breaks down the design into different layers, which simplifies the deployment, extensibility, and management of the network and allows each layer to implement specific functions. At the same time, this design helps constrain operational changes to a subset of the devices and helps in troubleshooting by layering the detection of issues. The induced modularity allows you to create design elements that can be replicated and, therefore, is a straightforward way to scale.

The following are the typical three layers:

  • Access—This layer provides direct wired connectivity to the network for endpoints and users.

  • Aggregation—This layer aggregates access layers and provides connectivity among them, to data centers, and to other services.

  • Core—This layer supplies connectivity to security resources such as hardware-accelerated Secure Sockets Layer (SSL) inspection, filtering of communications between segments, access to the Internet, as well as the connection between aggregation layers for large LAN environments.

Each layer provides different functions and capabilities to the network. Depending on the size of the campus, you might need to collapse the core and aggregation layers (especially when WiFi is the primary access for all end-user devices in the campus) or to use all three layers.

The following figure shows an example of a three-tiered hierarchical LAN design with multiple buildings and one data center.
