Network Design Question

network_team
Level 1

Hi, I am redesigning a network for the please can someone clarify the following questions:

At the DC I have a:

2 x Distribution switches 4506-10G

2 x Core switches 6500 10G

2 x DMZ switches 4503

The Dis switch is where I connect the external connection to the Client site. Do I also configure all the virtual VLAN interfaces on the Dis switches with the routes to different networks? Or do I configure the VLAN interfaces on the Core, where all the blades are connected with the 10G uplinks?

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Levent,

If the 10GE links are routed links, you can terminate the server VLANs on the core switches.

This is recommended to limit broadcast traffic; otherwise broadcast traffic has to travel on the 10GE links.

Confining broadcast traffic is one of the key factors for scalability.

Modern campus design uses an L3 core; old design used an L2-only core, but with modern multilayer switches an L3 core is a better choice.

Deploy an appropriate routing protocol like EIGRP or OSPF for fast convergence between distribution devices and core switches.

Note:

I don't understand how you use the DMZ: it looks connected to the Dis block and to the core block, but if it is so, it is in parallel with the 10 GE links between Dis and core.

In security designs a DMZ is usually the third leg of a firewall that can be accessed from the outside world.

Hope to help

Giuseppe

Hi

We have an L2 network. So my understanding is to have all the external client links connected to the DIS and create all the virtual VLANs on the core. The DMZ is where we plug in the firewall interfaces, segregated VLANs, but not the external web

Collin Clark
VIP Alumni

I would create user VLANs on the 4503s, Server VLANs on the 6503s, and layer 3 links between all switches. Essentially the 4506s become your 'core'.

Hope that helps.

Given this less-than-optimal topology, I sort of agree with Collin.

The 6504s are effectively acting as server farm distribution layer switches, the server blades being the access layer.

The 4506s are acting as aggregation switches for the different users/clients (by the way, makes me wonder why the clients aren't firewalled, but I guess that is another discussion) who access the data center via L2 links. So, the L3 boundary should be the 4506s. This is where the user and client L3 SVI interfaces should be created and inter-VLAN routing occurring.

So, as for the core, I would either get two more switches and have redundant L3 links between them and the server farm and user/client modules, with OSPF or EIGRP, leveraging ECMPs. Or, use redundant L3 uplinks between the user aggregation and server farm switches and have the server farm switches act as a collapsed core.

HTH

Victor
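
The collapsed-core option from the last reply, sketched as an IOS configuration for one user/client aggregation switch. This is an added example, not a configuration posted by anyone in the thread; the VLAN ID, interface numbers, addresses, OSPF process ID and router ID are all constructed placeholders.

```cisco
! Constructed example: one user/client aggregation switch (the 4506 role).
! All VLAN IDs, interface numbers and addresses are placeholders.
ip routing
!
vlan 110
 name CLIENT-A
!
! L3 boundary: the client SVI is terminated here, so client broadcast
! traffic stops at this switch and never crosses the 10GE uplinks.
interface Vlan110
 description Gateway for CLIENT-A
 ip address 10.10.110.1 255.255.255.0
 no shutdown
!
! Redundant routed point-to-point uplinks, one to each server farm switch.
interface TenGigabitEthernet1/1
 description L3 uplink to server farm switch 1
 no switchport
 ip address 10.0.0.1 255.255.255.252
 ip ospf network point-to-point
 no shutdown
!
interface TenGigabitEthernet1/2
 description L3 uplink to server farm switch 2
 no switchport
 ip address 10.0.0.5 255.255.255.252
 ip ospf network point-to-point
 no shutdown
!
! OSPF adjacencies are allowed only on the routed uplinks. Client-facing
! SVIs stay passive, so a device in a client VLAN cannot become a neighbor.
! maximum-paths keeps both equal-cost uplinks in the routing table (ECMP).
router ospf 1
 router-id 10.255.0.1
 passive-interface default
 no passive-interface TenGigabitEthernet1/1
 no passive-interface TenGigabitEthernet1/2
 network 10.0.0.0 0.0.0.7 area 0
 network 10.10.110.0 0.0.0.255 area 0
 maximum-paths 2
```

The second aggregation switch would mirror this with its own uplink subnets, and a first-hop redundancy protocol between the two SVIs is left out here because the thread does not discuss one.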
