Hi, please let me know if my rationale below is right or wrong:
Imagine I have fiber connectivity from my MPLS provider to MySite, in which I have (1) 7200 VXR router with special module to accomodate fiber.
The 7200 router is connected to (1) 4500 switch.
If I have money to address one point of ailure or the other, do you agree that I should put one more core switch (and do HSRP) instead of bothering with the router and internet connectivty.
My rationale to address the core switch point of failure first is because at least users should be able to use internal resources in the event of failure. If the 7200 router ever goes south, I would lose Internet connectivity, but as long as I have internal communications thanks to the redundant core switch, that should be a better deal.
I agree with your last post. It would be a good move if you do NOT terminate your external connections on your core switches. The reason being any DOS attacks would have to go through additional layer of protection before your internal (core) network would be compromised. Again, keep in mind cost is a big factor in making decisions.
As far as adding a 2nd core switch that would be a good idea as well as that would prevent a single of failure within the internal network.