Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Network design recommendation

Hi Guys,

Basically I'm tasked with turning my 40 site layer 2 network (T1 layer 2 connectivity per site) into a routed layer 3 network as I currently have issues with broadcasts saturating the links plus the network is open to my service provider as there is no encryption on the links… I'm simply only thinking of two things at the moment as my budget is extremely tight:

1> Eliminate broadcast by replacing the fully switched network with a routed network

2> Data Security (VPN connections back to the main office)

VOIP would be very beneficial to us at the moment but we simply can't afford it now and we are also locked into a contract with our Telecom provider (PSTN services) that runs for another year and a half.

What should I do? I'm thinking of purchasing the 861 routers (security bundle) for the 40+ sites and connect them back to my main office (which also has a 2821 security bundle) through a VPN.

This would eliminate the two issues I stated above but the other problem is integrating VOIP services into the network a year or so from now, I simply don't want to remove and replace all these routers come mid 2010 or so… We tried to convince management to go VOIP but our IT budget is being slashed at almost every second with this economic storm at hand… How do you build a future proof network on a limited budget :-) ? Let me know your thoughts….

Thanks,

Donavan

7 REPLIES
Super Bronze

Re: Network design recommendation

T1 L2 at remote sites? Could you explain what device at the remote site is connecting the LAN to the T1 and providing L2? Also could you explain how the HQ site also connects? (For instance, it has 40 T1 connections?)

Yes, your service provider can examine your traffic but although it's certainly possible, building VPNs to exclude your service provider traffic content access would raise both the complexity and performance requirements for your network. Unless you really need to secure all your traffic from your provider, you might consider sending just encrypted files across the network, as necessary. (Also helps to preclude server admins and local network engineers from access to data content too.)

New Member

Re: Network design recommendation

Thanks for your response Joseph, basically my service provided gives me a dedicated 1Mb connection L2 connection... The only info I obtain from them is the VLAN ID for each remote site, at the main office router I use sub-interfaces on my 2821 ISR to terminate each remote connection....

At each remote site I currently have a L2 switch and a max of 6 hosts at each remote location..

Also, at the central location we have a 6Mb connection...

Donavan

Hall of Fame Super Gold

Re: Network design recommendation

And at the remote site, is the router owned by the provider?

New Member

Re: Network design recommendation

Yes, the L2 switches at the remote sites belong to the SP...

Thanks - Donavan

Super Bronze

Re: Network design recommendation

What had confused me what your description of L2 T1. You handoffs are Ethernet then? 10 Mbps?

Are the 40 Vlans connected to your HQ router as different subnets? If so, your current HQ router acts as a routing hub between HQ and between all remote sites?

I'm trying to understand your topology better. If the topology is multiple Vlans off the HQ router, each as a subnet, broadcasts should be contained per Vlan segment. The only broadcast issue for such a topology should be physical volume hitting the HQ router's ingress. Remote site routers would constrain that. It's also possible, depending on topology, you could implement site routers downstream of your provider's switch. (BTW: L3 doesn't have to be all or nothing, you might start with L3 at the busiest [broadcasting] remote sites.)

The 861 you've mentioned might be a good candidate, as also might be the 871 if you want to pursue building VPNs. However, I have little experience working with the 800 series, and if you did want to pursue VoIP, unsure they offer all the features you would really want. (Also, since you oversubscribe the HQ link, VoIP performance couldn't be guaranteed [40 Mbps to 6 Mbps].)

New Member

Re: Network design recommendation

You are correct, 1Mbp Ethernet connections per site and each site (VLAN) is terminated on the HQ router as a subnet..... Thanks for your response....

Hall of Fame Super Gold

Re: Network design recommendation

How do you build a future proof network on a limited budget?

You can upgrade the current network with limited budget - future proofing for the next 2-3 years instead of 3-5 years.

You are caught in a dilema: With a tight budget, you choice of getting an affordable switch (perhaps 2960) as compared to a future-proofed model (3560/3750 PoE). Another option is, do you need an upgrade? Can you or the client wait until the financial condition improves and maybe the budget wouldn't be so difficult? Maybe wait until the SP's contract expires, perhaps?

302
Views
0
Helpful
7
Replies
CreatePlease login to create content