Router Sizing and Interfaces

Unanswered Question

We are looking to increase our capacity and redundancy to the internet. We will have 2 ISP with 2 10Mbit fiber connections handing off to us with a 10/100 fast Ethernet. These connections will be terminated in 2 different building connected by our fiber (24 strands). We will be running BGP with both providers but only accepting peers connected to the ISPs and a default route to everything else. Internally HSRP will be used for redundancy from an active/passive ASA firewall cluster. Each router will connect into a 3560 switch. The 3560?s will each connect to one of the ASAs and each other. We would also like the 2 routers to connect to each other so that we could have one of the switches fail and still use the full capacity of both links.

1) Which series/model should we be looking at for our router? I was thinking a 2851. The router would have to be able handle traffic for both connections assuming one of the 3560 failed and the other router was forwarding traffic through it. It will also need to be able to have at least one other interface added to it (see question 2).

2) Instead of using a fiber HWIC to connect the two routes to each other could we instead add another 10/100 Ethernet port with media converters to fiber. This is being done for cost. Are there any disadvantages to this route other than we have increased the number of devices for the connection from 2 to 4.

3) For the 3560 we were looking at the 8 port model with the single SFP slot. The reason for this is to lower cost/wasted ports and it has the longest mean time between hardware failures for the 3560 series since it doesn?t have a fan. Pros/Cons?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Paolo Bevilacqua Mon, 10/01/2007 - 15:20

1. 2851 should be fine. For a bit of growth look into the 38x5 also.

2. avoid media converters if possible at all. If purchased smartly, hwic and sfp are not that expensive.

3. the small 3560 is great value for the price. go ahead and grab one as long as they make it :)

Joseph W. Doherty Tue, 10/02/2007 - 06:02

Agree with Paolo. 2851 should do well although I recall it's recommended for something like 6 or 8 T-1s. 3825, might provide some additional headroom for future additional growth.

If you're going to interconnect the 3560s, why interconnect the routers? If a router link fails, have the local 3560 forward traffic to the other 3560 and then out its router. (This also covers failure of the router itself.)

One of the reasons was because we could still use both ISP if one of the switches went down. The other reason was to try to avoid traffic having to flow from one router back through the switches to the other router when it is using a directly connected route using the second ISP. Internally all traffic would be sent to one of the routers because of HSRP. I had thought about redistributing the routes from BGP into OSPF and running that on the ASAs instead of using HSRP but I was not sure what type of performance impact that would have on the ASAs. They are 5520s in an Active/Passive failover setup. Any thoughts?

Joseph W. Doherty Tue, 10/02/2007 - 09:40

Agreed, having the interconnect directly between your routers would handle failure of a 3560. However, when you lose a switch, most traffic might prefer using the initial router's WAN link.

Using HSRP on the routers might also lead to unexpected outbound load imbalance again because of possible preference of the initial router's WAN link.

You could consider using GLBP on the routers or OSPF advertising a default route. The latter could be used with or without injection of BGP routes. Normally, I would recommend against injecting Internet BGP into your IGP, but since you only plan only accepting ISP directly connected ASs, if there aren't too many, that might be okay too.

I haven't worked with ASAs, so can't comment on them.

In general, I usually worry more about load balance of my WAN links rather than the optimal AS path selection or internal LAN path. This because they often are the first choke point.

For additional optional usage of your Internet WAN connections, you might want to read up on OER.

Actions

This Discussion