Redundant Design Question

Jul 24th, 2008

Hope someone can provide some advice.

What is the best design for a redundant infrastructure?

The components are:

2 x 3750G switches (stacked)

2 x ASA5520 Firewalls - Active/Passive

2 x F5 load balancers

Firewalls are up front and load balancers are in the back.

The switches have multiple VLANs and are used for all connections.

Servers have 2 connections - 1 to each switch for redundancy.

Questions:

Would you use redundant interfaces on the firewall (with 1 connection to each physical switch)?

OR

Would you have each firewall (all ports) on 1 switch?

How about the load balancers?

Thanks in advance for any replies.

Overall Rating: 4 (1 ratings)
Jon Marshall Thu, 07/24/2008 - 11:34

You are better off having all ports from firewall_1 connected to switch_1 and all ports from firewall_2 connected to switch_2.

If one of the switches fails and the firewall needs to fail over, you want all ports on the now active firewall to be up and running. If you split the ports across switches, you could end up with the situation where a switch fails and your active firewall cannot use all its interfaces.

Not much experience with F5, but to keep things simple I would do the same here. It makes it a lot easier to troubleshoot.

Jon
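
The failure case described in the reply above, as an added example that is not part of the original thread: it fails each switch in turn and lists which firewall unit still has every interface up under the two cabling layouts. The interface names are constructed, and the split layout assumes one physical link per interface (no redundant-interface pairs).

```python
# Added example: which firewall units keep every interface up after one switch fails.
# Interface names are constructed; the thread does not list them.

# Layout from the reply: all ports of each firewall on one switch.
PER_SWITCH = {
    "firewall_1": {"outside": "switch_1", "inside": "switch_1", "dmz": "switch_1"},
    "firewall_2": {"outside": "switch_2", "inside": "switch_2", "dmz": "switch_2"},
}

# Split layout: each firewall's ports spread across both switches,
# one physical link per interface (assumption: no redundant-interface pairs).
SPLIT = {
    "firewall_1": {"outside": "switch_1", "inside": "switch_2", "dmz": "switch_1"},
    "firewall_2": {"outside": "switch_2", "inside": "switch_1", "dmz": "switch_2"},
}


def links_up(cabling, failed_switch):
    """Map each firewall to the interfaces whose switch is still running."""
    return {
        fw: {ifc for ifc, sw in ports.items() if sw != failed_switch}
        for fw, ports in cabling.items()
    }


def usable_units(cabling, failed_switch):
    """Firewalls that still have every interface up after the failure."""
    up = links_up(cabling, failed_switch)
    return sorted(fw for fw, ports in cabling.items() if up[fw] == set(ports))


def survives_single_switch_failure(cabling):
    """True if, for each possible switch failure, some unit is fully usable."""
    switches = {sw for ports in cabling.values() for sw in ports.values()}
    return all(usable_units(cabling, sw) for sw in switches)


if __name__ == "__main__":
    for name, cabling in (("per-switch", PER_SWITCH), ("split", SPLIT)):
        for sw in ("switch_1", "switch_2"):
            lost = {fw: sorted(set(cabling[fw]) - up)
                    for fw, up in links_up(cabling, sw).items()}
            print(f"{name}: {sw} fails -> usable {usable_units(cabling, sw)}, lost {lost}")
        print(f"{name}: survives any single switch failure = "
              f"{survives_single_switch_failure(cabling)}")
```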
