The wiring closet switch plays a critical role in your network: that of connecting your end users to the rest of your IT infrastructure. Don’t think of that jack in the wall or under the cubicle as a simple Ethernet port. Rather, think of it as the mission-critical gateway to IT services that it is.
When a user plugs her workstation into the network, it’s her single connection to her e-mail, instant messaging, financial system, sales engine, and other company resources. Even voice communications are likely provided through that jack. If the service is poor, that user can’t do her job effectively. If enough users have a bad experience, the entire business is affected.
Sadly, in enterprise and campus networks, the closet switch is often neglected.
Stuffed into a hot, poorly ventilated corner to provide connectivity to an office area, a closet switch is all too frequently treated as a cheap commodity item that simply doesn’t matter much. Does it work? Are the users getting connected? Well then, good enough.
It’s possible to get away with this sort of approach if all you’re looking for is rudimentary connectivity, but “cheaper is better” is a bad idea for any organization whose employees rely on the network to get their jobs done. The network is too critical an element to try to save money in the campus closet.
So, what can be done to help make the wiring closet switch perform as the key network element it is? There are several things worth considering.
Take physical location seriously
I’ve seen closet switches in bathrooms, stuffed inside drop ceilings, hanging by a single screw on the wall, underneath cubicles, and on filthy shelves in a tiny closet with no air flow or climate control.
I recognize that retrofitting aging buildings with wiring infrastructure is a challenge, and sometimes the solutions we’re stuck with aren’t ideal. I’ve been involved in many such installations.
That said, try your best to get a wiring closet switch into a place with, at the least, airflow. Study the switch you’re installing, figure out where the air intake and exhaust locations are, and keep them clear. Even for fanless switch designs with external power supplies, it’s usually a bad idea to put a switch right up against a wall. There’s still heat generated that the chassis needs to radiate, which is part of the reason most switches come with rubber feet that can be applied to the bottom.
Dust and dirt are also concerns. Switches get clogged with crud when they’re installed in filthy locations, and this can shorten their lifespan due to overheating. Switches in dirty places should be cleaned periodically to reduce this risk, even industrial models that are built for difficult environments.
Consider the uplink design between the closet switch and the rest of the network carefully
While the simplest thing to do is to connect a closet switch via a single cable back to the rest of the network, a dual uplink is preferable for redundancy and possibly capacity. There are several ways to safely achieve a dual uplink.
1. A backup link.A backup link is created when a second line is connected in parallel to the primary line. Topologically, this makes a loop between the closet switch and the uplink switch. Spanning tree will detect the loop and block the backup link. If the primary link fails, the backup link becomes active.A better alternative to this design is to connect to multiple switches rather than having both links running to the same switch. Spanning tree will behave the same in either case — a loop will be detected and one link blocked until the primary path fails.
2. A parallel Layer 2 link. A parallel link between switches can be achieved with link aggregation protocols such as Cisco’s Port Aggregation Protocol (PAgP) or the industry-standard Link Aggregation Control Protocol (LACP). This scheme allows for both links to be active and carrying traffic. The link aggregation protocol makes the two links appear as a single link as far as spanning tree is concerned, while still maintaining a loop-free topology.
Link aggregation can scale parallel links beyond two. Four and eight-way link aggregation bundles are common. For diversity, link aggregation bundles can be split across two physical switches that act as one virtual switch, such as the stackable versions of Cisco’s Catalyst switches or Cisco chassis switches running Virtual Switching System.
3. A parallel Layer 3 link. One strategy for uplinking wiring closet switches is to connect them to the rest of the network via routed (Layer 3) links as opposed to switched (Layer 2) link. While the wiring looks the same, the end result offers better isolation from the rest of the network.
With this approach, the two L3 links don’t create a loop because each link belongs to its own network segment isolated from the other. The challenge of this design is that user VLAN segments can’t span to different closets, as an L2 network segment (a VLAN) will not extend beyond the L3 uplinks. Dual L3 uplinks should connect to separate switches for resiliency.
4. Don’t forget about physical path diversity. When possible, route cabling coming into the closet via alternate physical paths. The idea is that if one cable connecting the closet switch to the rest of the network is cut, flooded, burned, or otherwise damaged, the other cable won’t share the same fate. This is admittedly challenging in buildings where conduits are limited and where construction is just not amenable to such an approach. But when possible, keep the uplinks cables separate.
Don’t skimp on physical ports
A problem I’ve run into repeatedly is a 24-port closet switch that runs out of ports. Budget permitting, a 48-port switch — preferably with additional ports to serve as the uplinks — should always be installed to allow for additional growth.
Yes, 48-port switches cost more, and that cost is often the driver for the purchase of a 24-port switch to begin with. But in the long run, 48-port switches are almost always preferable in my experience.
That said, consider the long-term impact of wireless networking in your environment. If your organization is finding that 802.11ac provides wired-equivalent performance for your users, then you’re on a different track. You’re moving away from wired connections to wireless, where your wired port density concerns have shifted from user workstations to access points. But if “wires everywhere” is still your choice, then my comment about 24 vs. 48 port switches is hopefully thought provoking.
Switch stacks or chassis for the closet are a little different than individual switches
A popular choice in the wiring closet, stackable switches and chassis switches offer a great deal of port density with a single point of management. From a design perspective, these advantages have a few challenges worth keeping in mind.
- Stacks and chassis are single points of management, but can also be single points of failure.To decide if this is a concern, consider the impact to your organization if the entire closet was out of service for several hours or days due to a catastrophic system failure.Chassis switches often offer dual supervisor engines and dual power supplies to mitigate this risk. Some might point out that the chassis switch itself is a single point of failure, but in nearly 20 years of networking, I’ve only ever run into a chassis failure once.Stackables are generally better off than chassis, in that each physical switch in the stack can usually function as the “stack master,” where a new stack master will be elected in the case of a failure. In addition, power is distributed throughout the stack; a failure of the switch’s power supply will only impact one switch, and not the rest of the stack. Interestingly, certain Cisco stackable switches offer StackPower, which can mitigate blown power supplies in a stack.
- Dual uplinks should be spread across the chassis or stack to maximize resiliency.The idea here is to make sure the uplinks from a chassis or stack do not come from the same switch or module. Too often, I’ve seen the dual uplinks coming from the same supervisor engine, meaning that if the supervisor fails, the chassis might be disconnected from the rest of the network, even with dual supervisors.Stackable switches have the same concern. Dual uplinks should be spread across different physical switches in the stack. My practice with closet switch stacks is to place one uplink at the top of the stack and the second at the bottom. Assuming a break in the stack between the top and bottom, this means that both parts of the fragmented stack will still uplink back to the main network.
- Software upgrades are sometimes an all-or-nothing affair.When upgrading chassis switches, you might need to reload the entire chassis to bring up the new software, meaning users aren’t able to access the rest of the network until the chassis is back online. Cisco and other vendors offer in-service software upgrades (ISSU) that can mitigate that issue, but there’s usually a specific hardware requirement such as dual supervisor engines to have ISSU capability.You might intuitively assume that switch stack upgrades can be completed one switch at a time, but reality is that switches in a stack often require very close software versions to be members of the same stack. Therefore, upgrading one switch might render it offline until all the other switches in the stack have been upgraded as well. This issue varies from vendor to vendor and product to product. The point is be sure that your organization is able to cope with a software upgrade process that potentially takes hundreds of user-facing ports offline while the upgrade is going on.
Remember, your closet switch is an integral part of your network. Think carefully about physical locations and connectivity options — that planning will pay off in better performance.