Expert opinions needed - Design recommendation

cisconoobie · ‎09-30-2006

Please take a look at both Network designs and tell me which is a better option.

I have more than 2 vlans but this is just a sample of my setup.

I want to make sure I have a redundant inside network. Firewalls are Active/Standby.

Please state why you think one design is better than the other and offer ways to maximize performance.

Currently I am running Network A and thinking about switching to Network B to maximize performance.

vladrac-ccna · ‎09-30-2006

Hello There,

Ive seen both types of designs (with a little modification).

The first type, we call high-availability design ( but we use 2 links between the 2 l2 switches).

and the second type is usual config.

I dont see any problem using network B, but for network A I'd suggest a redundant link (you could use a l2 port-channel too, to avoid SPT blocking 1 of the links) between the 2 l2 sw.

Just make sure you have the correct placement of root bridges and guarantee that you wont have connectivity issues between the HSRP routers on the Core layer. (on Cisco terms, I'd call your routers Collapse Distribution routers).

Vlad

cisconoobie · ‎09-30-2006

All of the switches are layer 2 switches, so your saying to create etherchannel on connections between switches?

I dont see how STP will prevent blocking any links.

Each Inside router is Root bridge for each active HSRP Vlan group.

What about the physical connetion between the inside routers and the firewalls?

The top router is basically connected to the standby firewall and has to push traffic through the other router to get to the outside, no ?

Any suggestions ?

cisconoobie · ‎10-02-2006

Anyone else ?