Routed design and MLS at the access layer

Recent design guidelines recommend implementing L3 links down to the access layer. A few months ago, I had to think about a network design evolution and I proposed two solutions: keep the existing L2 network that spans the entire campus, or set up a routed design with MLS at the access layer.

Traditional designs put the L2/L3 boundary at the distribution layer, which is generally the first hop. The access layer usually runs L2 switches because they do not deal with IP (L3). A design that puts the L2/L3 boundary at the access layer requires L3 interfaces and routing protocols there. This is made possible by multilayer switches (MLS).

In my opinion, routed designs and MLS at the access layer bring a lot of new features and possibilities to our networks. Here is a comparison between the old and new architectures.


L2 only access layer

Advantages:

– Ease of use, plug and play
– Convenient for support teams

Drawbacks:

– Does not scale
– Chatty protocols
– Errors / misconfiguration can affect the entire network
– Convergence times are sometimes too long (L2+L3)
– Cannot manipulate forwarding information easily
– Waste of resources


L2/L3 access layer

Advantages:

– Cleaner network
– Scales well
– Improved resiliency
– Improved convergence time
– Possibility to manipulate routing information
– Better use of existing resources

Drawbacks:

– Need to change the IP and VLAN plans
– Harder IP subnetting work
– Most support teams are not trained on these technologies
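
The IP plan change listed above, sketched as an added example that is not part of the original post: each access switch gets its own user subnet and routed point-to-point uplinks instead of sharing campus-wide VLANs. The 10.20.0.0/16 block, the switch names, the /24 user subnets, the /31 uplinks and the two uplinks per switch are all assumptions chosen for illustration.

```python
import ipaddress


def plan_routed_access(block, switches, uplinks=2, user_prefix=24):
    """Carve one campus block into per-switch user subnets and /31 routed uplinks."""
    campus = ipaddress.ip_network(block)
    chunks = campus.subnets(new_prefix=user_prefix)
    # The first chunk is reserved as a pool of point-to-point uplink subnets.
    p2p_pool = next(chunks).subnets(new_prefix=31)
    plan = {}
    for name in switches:
        try:
            user_net = next(chunks)
            links = [next(p2p_pool) for _ in range(uplinks)]
        except StopIteration:
            raise ValueError(f"{block} is too small for {len(switches)} switches") from None
        plan[name] = {
            "user_subnet": user_net,
            # First usable address: the access switch is now the first-hop gateway.
            "gateway": user_net.network_address + 1,
            "uplinks": [
                {"net": link, "distribution": link[0], "access": link[1]}
                for link in links
            ],
        }
    return plan


def overlaps(plan):
    """Return every pair of overlapping subnets, e.g. after a plan is edited by hand."""
    nets = [sw["user_subnet"] for sw in plan.values()]
    nets += [up["net"] for sw in plan.values() for up in sw["uplinks"]]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    # Constructed sample input: hypothetical campus block and switch names.
    plan = plan_routed_access("10.20.0.0/16", ["acc-1", "acc-2", "acc-3"])
    for name, sw in plan.items():
        print(f"{name}: users {sw['user_subnet']} gw {sw['gateway']}")
        for up in sw["uplinks"]:
            print(f"  uplink {up['net']}: dist {up['distribution']} <-> access {up['access']}")
    print("overlaps:", overlaps(plan))
```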


Now, you see what you can do 🙂
Thanks for reading.

More information on: