Basically I'm tasked with turning my 40 site layer 2 network (T1 layer 2 connectivity per site) into a routed layer 3 network as I currently have issues with broadcasts saturating the links plus the network is open to my service provider as there is no encryption on the links… I'm simply only thinking of two things at the moment as my budget is extremely tight:
1> Eliminate broadcast by replacing the fully switched network with a routed network
2> Data Security (VPN connections back to the main office)
VOIP would be very beneficial to us at the moment but we simply can't afford it now and we are also locked into a contract with our Telecom provider (PSTN services) that runs for another year and a half.
What should I do? I'm thinking of purchasing the 861 routers (security bundle) for the 40+ sites and connect them back to my main office (which also has a 2821 security bundle) through a VPN.
This would eliminate the two issues I stated above but the other problem is integrating VOIP services into the network a year or so from now, I simply don't want to remove and replace all these routers come mid 2010 or so… We tried to convince management to go VOIP but our IT budget is being slashed at almost every second with this economic storm at hand… How do you build a future proof network on a limited budget :-) ? Let me know your thoughts…
T1 L2 at remote sites? Could you explain what device at the remote site is connecting the LAN to the T1 and providing L2? Also could you explain how the HQ site also connects? (For instance, it has 40 T1 connections?)
Yes, your service provider can examine your traffic but although it's certainly possible, building VPNs to exclude your service provider traffic content access would raise both the complexity and performance requirements for your network. Unless you really need to secure all your traffic from your provider, you might consider sending just encrypted files across the network, as necessary. (Also helps to preclude server admins and local network engineers from access to data content too.)
Thanks for your response Joseph, basically my service provider gives me a dedicated 1Mb L2 connection... The only info I obtain from them is the VLAN ID for each remote site, at the main office router I use sub-interfaces on my 2821 ISR to terminate each remote connection....
At each remote site I currently have a L2 switch and a max of 6 hosts at each remote location..
Also, at the central location we have a 6Mb connection...
What had confused me was your description of L2 T1. Your handoffs are Ethernet then? 10 Mbps?
Are the 40 Vlans connected to your HQ router as different subnets? If so, your current HQ router acts as a routing hub between HQ and between all remote sites?
I'm trying to understand your topology better. If the topology is multiple Vlans off the HQ router, each as a subnet, broadcasts should be contained per Vlan segment. The only broadcast issue for such a topology should be physical volume hitting the HQ router's ingress. Remote site routers would constrain that. It's also possible, depending on topology, you could implement site routers downstream of your provider's switch. (BTW: L3 doesn't have to be all or nothing, you might start with L3 at the busiest [broadcasting] remote sites.)
The 861 you've mentioned might be a good candidate, as also might be the 871 if you want to pursue building VPNs. However, I have little experience working with the 800 series, and if you did want to pursue VoIP, unsure they offer all the features you would really want. (Also, since you oversubscribe the HQ link, VoIP performance couldn't be guaranteed [40 Mbps to 6 Mbps].)
How do you build a future proof network on a limited budget?
You can upgrade the current network with limited budget - future proofing for the next 2-3 years instead of 3-5 years.
You are caught in a dilemma: With a tight budget, your choice of getting an affordable switch (perhaps 2960) as compared to a future-proofed model (3560/3750 PoE). Another option is, do you need an upgrade? Can you or the client wait until the financial condition improves and maybe the budget wouldn't be so difficult? Maybe wait until the SP's contract expires, perhaps?