Solved: data center Design - Page 2

Network Pro · ‎04-08-2012

hi,

if you need to design a large campus area network with two 6500 and edge switches and distribution switches what will be the best design

1. is it better to etherchannel two 6500 at the core OR is it better to run routing protocol between both the cores

2. is it better to etherchannel core switches to distrubution or run routing protocol between them ?

3. is it better to etherchannel distrubution switches to access switches or run routing protocol between them?

basically i want to know where to run routing protocol between in the cisco 3 layer architecture ?

thanks

siddhartham · ‎04-18-2012

Look good but I want to suggest minor changes

-----------1. use two 6500 as core and run routing protcol (either ospf or eigrp)

I am not sure about the price range of Nexus 7Ks, if they are in the same range as 6500 I will sugget to go with 7Ks.If they are not then try to buy 6500 s with VSS-SUP modules.

--------------------2. a. use two 3750 as distrubution / aggregation as run routing protocol between 6500 and 3750 (dual connecting to each 3750 from each core)

b. run a port channel between two cisco 3750 (layer 2)

3. use cisco 2960 as layer 2 between distribtuion and access (hsrp on 3750 to access layer)?

If you are planning on using 3750G or 3750X switches for distribution/aggregation layer, then you can stack those switches and connect the servers or users directly to the 3750s and completely eliminate the access layer.------This will act as distribution/aggregation/access layer

------------------also where will i terminate the firewalls ? or the core or on distrubution ?

You can connect the firewall between your Core switches and exit router

HTH

Siddhartha

Network Pro · ‎04-18-2012

thanks for this.

1. just wondering if i am going to use routing protocol between the 6500 (not nexus ) then why do i need a vss sup module as i will not be vss this ?

2. all the servers, do they connect back to distrubution or access layer ?

3. and the firewalls you mentioned, do they connect directly to the core or distribution layer ?

siddhartham · ‎04-18-2012

----------------1. just wondering if i am going to use routing protocol between the 6500 (not nexus ) then why do i need a vss sup module as i will not be vss this ?

You are right. Since you are using layer 3 links between core and distribution you won't get any benifit other than single point of management.

----------------2. all the servers, do they connect back to distrubution or access layer ?

How big is your data center?

If its small, you can use 3750s as the core for the entire data center and for the access layer you can use 3560G or 2960 switches and connect servers to the access layer switches.

if datacenter is mediam in size and expecting growth in next 5 years then I would suggest atleast go with 5020 or 5548s at the core of the data center and use 2Ks to connect servers.

---------------3. and the firewalls you mentioned, do they connect directly to the core or distribution layer ?

What do you want to achieve with the firewalls?

Siddhartha

Network Pro · ‎04-18-2012

so,

1. i dont need vss if i am using routing between two core's, isnt it ?

2. firewall - its mainly to reach outside world - but just wondering if it should be connected to core or to distribution layer

how will you design if you have to connect about 100 datacenter servers (can webservers, dmz, application servers ) with an external internet connection through a firewall ? what devices will you use ?

its jsut for my learning and not on an production environment - so would like to know cisco best practice.

Thanks

siddhartham · ‎04-18-2012

------------1. i dont need vss if i am using routing between two core's, isnt it ?

YES

2. firewall - its mainly to reach outside world - but just wondering if it should be connected to core or to distribution layer

One interface of the firewall goes to the end router that connects to your ISP, one of the other 2 interfaces goes to LAN (core switch) and the other one goes to DMZ (webservers)

---------------how will you design if you have to connect about 100 datacenter servers (can webservers, dmz, application servers ) with an external internet connection through a firewall ? what devices will you use ?

Its really based on the BUDGET

Medium size company (100 Servers)

2 - 6500s CORE of the entire comany ( with 10G cpable Sup engine)- helps you to expand in future

2 - 5548s Core of the data center-- 1G/ 10Gig layer 3 uplinks to core (6500s) --This will give layer 2 expandability in DC

Nexus 2Ks for the 1G server connectivity

Siddhartha

Network Pro · ‎04-19-2012

just 1 last question

if i enable vss, can i have hsrp as well (i know if you enable vss, its logicaly 1 switch but just wondering if hsrp can be enabled and any problems caused by this ?)

Thanks

Chad Peterson · ‎04-19-2012

You can enable HSRP, but it would function just like if you enabled HSRP on 1 router. So no issues there, but if you don't have an HSRP peer its just providing an extra IP address.

Network Pro · ‎04-19-2012

thanks for this