3-site connectivity using Catalyst C3560E switches with SFP-GE-Zs?

Answered Question
Nov 30th, 2009

Hello all,

I'm in a bit of a pickle and was hoping that someone would present a sound, logical argument against my connecting three small offices via gigabit fiber and Catalyst 3560E-24TD-E switches. If what I'm suggesting makes sense, please tell me that, too. Any tips (aside from "call a consultant"-- been there, done that; long story) would be greatly appreciated.

The small company where I work has finally decided to connect their three small offices, which are spread over 50-some kilometers. The main site is centrally located, and each site will have its own Internet connection (DSL or business cable) with an ASA 5505. We have already leased SM fiber or pulled our own (when possible) and are now ready to purchase the requisite devices. We'll be running gigabit ethernet between sites by way of SFP-GE-Z and the previously-mentioned SM fiber. Overall, we need speed, so something line/wire-rate is needed.

I was ready to go with a previous recommendation of a Cisco 2811, but stopped after reading that the 2811 platform peaks out at 350-400Mbps, which simply makes the purchase of the SFP-GE-Z transceivers absurdly wasteful. Understandably, the partner was hoping to get us to migrate to Cisco CME, but I deployed a new IP PBX at our main site last month, so a switch to CCME isn't going to happen anytime soon.

While budgets are relatively tight, we would gladly pay the premium to go with Catalyst 3560E-24TD switches (and SFP-GE-Z) with IP Services rather than buy the cheaper 2811 with the SFP-GE-Z and not reach line-rate (platform maxes out at 350-400Mbps).

In short, the 3800 & 3900 series routers seem a bit overkill (local services and price-wise), as we have no desire to use Cisco TelePresence or 802.11n wireless. Also, the Catalyst 3560E-24TD-E has 4 SFPs (using X2 to 2x SFP adapters), whereas the 3800-series maxes out at 1. One SFP slot won't address our need at our central site and I really don't want to use media converters. I can't buy both 3900 series routers and 3560Es. The prices on the 6500 and 7200 devices are unrealistically high. With the economy as it presently is, we might have to cut someone at each location to afford the hardware if we went with the loaded 6500 or 7200 options.

I have already spoken with two resellers who provided quotes at greater than retail (or CDW) prices for the hardware (before mention of programming/consulting). I was laughed at when I inquired about discount options/packages (by each consultant). I was told that times were hard for them, too and that I just needed to suck it up.

The last quote that I read involved a Cisco 7200, 3 Catalyst 3560E-24TD-Es and my employer's first born. Yes, I know that you get what you pay for with Cisco, but such was not the case with this quote. Nearly 50% markup over retail/CDW before provisioning/consulting!? Times are hard-- we can't afford that. But I digress... Heck, the local cable provider uses a 7200 at his CMTS. We don't quite need that level of functionality.

At this point, I'm willing to configure the devices myself, though it has been many moons since my last CCNA class (before they phased out IPX support and mentions of Token Ring). I've worked with network systems for years, though I have been away from Cisco's product line for too long to know which parts to buy at this point. The thought of going with Nortel leaves a bad taste in my mouth.

Aside from the obvious lack of VPN/encryption, what glaring, obvious deficiency am I failing to see that using a router would provide over a Layer 3 switch? Might going with the 3750E-series be better? Of course, I would prefer to encrypt the WAN links, though we're really not terribly worried about people climbing our poles and splicing our fiber in the middle of nowhere (not exactly easy access). I realize that the risk is always there, though I was told to make do with ACLs and VLANs.

Does what I'm suggesting make sense? Are the requirements unrealistic? Might the Catalyst 3560E-24TD-E be sufficient for connecting three small offices together? Should I look at other products? If so, which series? Should I tell my boss that he's crazy?

Thank you!

Overall Rating: 5 (2 ratings)
Correct Answer
Jon Marshall Mon, 11/30/2009 - 13:13

For the same price point, switches will indeed support a faster line rate and throughput. But you have to remember that routers are far more flexible devices than switches. Some things routers can do that switches (or most switches, i.e. not the 6500) can't:

1) NAT

2) QOS - switches can do QOS but they do not support the full feature set that routers do

3) Firewalling - routers can run a firewall feature set

4) VPN/IPSEC as you say

I'm sure others will add other things. So it's a trade-off between what you need right now and what you may need further down the line. And also bear in mind that what you need right now might mean you choose a router rather than a switch. If you haven't already, draw up a full list of requirements and make sure you can meet all of these with a switch. NAT is a good example where it is easy to overlook but a pain when you realise you need to do it but your switch doesn't support it. I'm not saying you need NAT but just using that as an example.

Jon

Correct Answer
Reza Sharifi Mon, 11/30/2009 - 13:38

In addition to what Jon already mentioned I have to add one more:

5) WAN connectivity. Small switches (3560s and 3750s, etc.) do not support WAN cards. If you have to bring a T1, E1, etc. to one of your sites at a later time, then you have to buy a router at that time.

HTH,

Reza

Everen_net Mon, 11/30/2009 - 13:51

Reza,

Thanks for the input. I considered the lack of proper WAN connectivity at first, though we're using our own fiber to avoid having to use T1/T3/similar circuits, save for local internet access. Either way, thank you! Your input is valued.

Anybody:

Any routers out there that come close to fully utilizing their gigabit interfaces that cost less than $10k?

Everen_net Mon, 11/30/2009 - 13:47

That's what I was thinking. I suppose that I just needed a second set of eyes to tell me that.

Yes, NAT would be nice. Obviously, firewalling is important, though some basic protection may be provided by ACLs. QoS is important, but overall throughput is more important at this point. It's really a shame that router pricing hasn't kept pace with ethernet speed improvements. Such is life, I suppose.

Thanks for your input. I still have a bit to weigh, as the boss is rather insistent that he see gigabit (well, 900Mbps or better) across the fiber.

Thanks again!

vmiller Mon, 11/30/2009 - 14:59

First question. Have you any valid measures of exactly how much throughput you need? The reason I ask is that it seems folks focus on getting Gig Ethernet, when they realistically have nothing that runs that fast.

Once you establish a traffic pattern & volume, you can better estimate what you might need.

As other responders have noted, there are a series of tradeoffs to be made between a pure router or pure switch solution. I would suggest a blend, or a switch with really strong Layer 3 capabilities.

The resellers are upselling you; the 72xx is massive overkill.

But again, how much traffic?????

Everen_net Tue, 12/01/2009 - 04:49

Primarily, the traffic consists of heavy iSCSI traffic, clustered db transactions with frequent dumps to mirror server and nearly 400Mbps of existing h.264 video (not TelePresence, but surveillance). When I said that we wouldn't be doing video, I should've specified that we wouldn't be going with a Cisco video solution, as we're already set with that. Sorry for any confusion. I may be able to reduce the video requirements, but not by very much-- perhaps by 50Mbps.

Due to circumstances at the secondary locations, I was told that putting in domain controllers/file servers on-site would not be an option. I know that placing an expensive Layer 3 switch seems daft when I can't place a server there, but those are my orders. I realize that we could probably get by with less, but I was ordered to procure a solution with at least 900Mbps of throughput and there appears to be little negotiation on that point. My hands are tied on requirements, I'm just trying to do the best that I can given the circumstances.

To all, thank you for your advice and sanity-checking assistance.

vmiller Tue, 12/01/2009 - 08:51

OK, now we know the management hot button. I'd suggest looking at good solid Layer 3 capable switches versus routers.

My reasons are:

1. mgmt has made it clear what the throughput requirements are. This can be done with a router but it's costly.

2. you have fiber between all locations.

3. you still need the ability to mark and classify traffic, but you really don't have a WAN.

The 3560 "might" be a little light for this. I would try and develop 3 price/performance options, with the one you want in the middle!

Leo Laohoo Tue, 12/01/2009 - 15:44

"I was laughed at when I inquired about discount options/packages"

How rude! If times are tough, you don't insult (would-be) clients. Where did they learn their Customer Management skills? McDonald's? When times are tough, you bend over backwards to do future business with you not just once.

"Any routers out there that come close to fully utilizing their gigabit interfaces that cost less than $10k?"

The only router that passes (un-encrypted) gig traffic would be the 7200 with NPE-G2 card. Have a look at the "cheat sheet": http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

If the ASA5505 is between your network and the DSL provider, it doesn't matter because the ASA's got 10/100 interface. Besides ... With a 2850 or 3800 you can "roll" the ASA into the 2850 or the 3800 router (with the correct IOS feature, of course).

900Mbps???? Is management serious or did they just grab this stupid figure from thin air?

I'd go back to them and find out where they got this number. In my book, I think someone's put an extra "0" in the figure. In my network, I have 1Gig dark fibre (>100 sites) and I'm doing VoIP, Wireless, VoWLAN, and all the other stuff but link utilization per day does not exceed 200Mbps.

