I am currently overhauling an existing colo LAN that has been hacked on top of the existing server LAN, with a goal of separating it out. As part of this process, I get to throw a new router in a rack, give it a switch, and renumber the colos, so I'm effectively starting from scratch.
As it stands now, there will be a /22 statically routed to the router, a 4500. The router will feed an HP 4000M switch. Each colo account will be allocated 1 switch port on said switch.
Beyond basic routing, I'm sure there's more I can do using the capabilities of the switch and router to accomplish a few goals:
1) Bandwidth control - The contracts allow for a given sustained bandwidth, and bursting above that. I'd like sanity limits for each colo to keep any one from hogging resources needlessly.
2) Security - If I can keep broadcast traffic limited to a colo's netblock, great. If I can lock down tight enough that each colo can't sniff the other, even better.
3) Ease of maint - I'd prefer to not have to spend a half hour making conf changes to add a new netblock/port or shrink/grow an existing colo's assignment.
With those basic ideas, what systems/tech should I be looking into?
Also, slightly off topic, anyone know roughly how much traffic a 4500 can safely shape before reaching 80% cpu, straight ip over ethernet?
kinda tells you bust out for a 36xx and it will give you room for growth and some of the new features in IOS will not be supported with the older NM's etc
here is the answer to the other Q
Cisco Systems' new six-port Ethernet Network Processor Module for the Cisco 4500 provides six 10BaseT ports, tripling the density of the existing Ethernet options for this router platform. With three six-port modules installed, the Cisco 4500 can connect up to 18 Ethernet segments. Alternatively, two Ethernet modules and an ATM or FDDI interface provide economical access for 12 Ethernets to an ATM or FDDI backbone
I use colo to mean a customer paying for space and network access within our facilities. What kind of traffic can I expect a 4500M+ to handle? As of right now we're probably seeing a sustained 4 to 5Mb/sec of ethernet, the current uplink for the switch all the CO-Locators are fed off of is 10baseT full duplex.
My current thought was to set up vlan tagged subinterfaces, one per colo account. Route their block to that subinterface. Use a 100baseT Full Duplex uplink from the 4500M to the HP switch, and via vlan tagging, have one port enabled for that vlan. The only access lists would be anti spoof filters, and a bandwidth cap of three times their guaranteed sustained amount by contract to keep one customer from swamping the link excessively. I've also contemplated using WRED to help keep them throttled down, but haven't actually used it yet so not sure of the ramifications there.
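An added example, not part of the original posts: one way to generate the per-colo router configuration described above (a dot1Q subinterface, an inbound anti-spoof ACL, and a cap at three times the contracted rate) from a single allocation table, so that adding or resizing a colo is a one-line change. The interface name, ACL names, sample prefixes and the CAR burst sizing (1.5 seconds of traffic, doubled for the extended burst) are assumptions, not values from the thread.

```python
import ipaddress

# Constructed sample allocations (documentation prefixes, not the thread's real /22).
COLOS = [
    {"name": "colo-a", "vlan": 101, "block": "198.51.100.0/27", "sustained_bps": 1_000_000},
    {"name": "colo-b", "vlan": 102, "block": "198.51.100.32/28", "sustained_bps": 512_000},
]
UPLINK = "FastEthernet0"  # assumed name of the 100BaseT trunk to the switch
BURST_FACTOR = 3          # cap at three times the contracted sustained rate


def colo_config(colo, uplink=UPLINK):
    """Return IOS config text for one colo: anti-spoof ACL, subinterface, CAR cap."""
    net = ipaddress.ip_network(colo["block"])  # strict: rejects blocks with host bits set
    gateway = net.network_address + 1          # assumption: router takes the first address
    acl = f"COLO{colo['vlan']}-IN"             # hypothetical ACL naming scheme
    cap = colo["sustained_bps"] * BURST_FACTOR
    cap -= cap % 8000                          # CAR rates are set in 8 kbit/s steps
    bc = max(cap * 3 // 16, 8000)              # normal burst: 1.5 s at the cap, in bytes
    police = f"{cap} {bc} {bc * 2} conform-action transmit exceed-action drop"
    return "\n".join([
        f"ip access-list extended {acl}",
        # Only packets sourced from the colo's own block may enter the router.
        f" permit ip {net.network_address} {net.hostmask} any",
        " deny ip any any log",
        f"interface {uplink}.{colo['vlan']}",
        f" description {colo['name']}",
        f" encapsulation dot1Q {colo['vlan']}",
        f" ip address {gateway} {net.netmask}",
        f" ip access-group {acl} in",
        f" rate-limit input {police}",
        f" rate-limit output {police}",
    ])


def build_all(colos):
    """Refuse overlapping blocks, then emit every colo's config section."""
    nets = [ipaddress.ip_network(c["block"]) for c in colos]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return "\n!\n".join(colo_config(c) for c in colos)


if __name__ == "__main__":
    print(build_all(COLOS))
```

With one VLAN and one routed subinterface per colo, broadcasts stay inside each colo's VLAN, and the inbound ACL drops and logs any packet whose source address is outside the block assigned to that port.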
This is actually a pretty cool feature, I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.