
calgden 01-14-2007 06:28 PM

Does the configuration my ISP provided make sense? If so, how should I configure my Cisco switches to properly utilize the Bridge being implemented with a connection to the internet at each building?
 
Hi all,

I am quite new to the world of Networking and have just started a
new job which is smack dab in the middle of a major project. The goal
of this project is to migrate all physical server hardware to VMware
virtual servers as well as migrate those new virtual servers to a
secure location hosted by another company (Our ISP). My understanding
is that the future network is being provisioned based on the
requirement that we are able to failover to our head office in the case
of a major failure at either the remote host site or the connection
between the two buildings. Basically, the requirement that was stated
was that we shouldn't have to change the IP address of the servers when
we failover the servers (All virtual server images and data stored on
SAN and mirrored across to other building).

I have the following questions, based on this info (Thanks in advance):

1. Does this configuration make sense? (I suppose it may be too late
   to change the contract with the ISP but I would like your opinions
   anyway. Positives/Negatives) The reason I ask is that even with my
   knowledge, something sounds fishy. Did we really have to go with a
   bridged solution? Couldn't we have created the same VLANs
   (utilizing the same subnets on each side), and had routers NAT the
   traffic between the sites?

2. How should I configure the local and remote core switches to not
   only allow for traffic to flow between the buildings but also allow
   for all outgoing Internet traffic to flow through the local ISP
   connection at each office? I would like to configure it to keep
   traffic from traversing the pipe between the offices wherever
   possible. (For example, can I have the core switch at each location
   act as the default gateway for the same VLAN/Subnet so that traffic
   doesn't traverse the connection just to find the route to another
   VLAN on the switch in the same office?)

FYI:
Existing Configuration at our head office:

Cisco 4510r
- Acts as gateway for all current VLANs except DMZ - Server, Workstation, VOIP etc
- Trunked connection to a switch on each floor (Cisco 3560)
- Trunked connection to existing Firewall (Netscreen 50) which is our access to the internet
- All servers connected to GB ports

NetScreen 50
- Has one port connecting to the ISP Router to Internet
- Has one port connecting to 4510 trunk port (For all VLANs except DMZ)
- Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ VLAN's gateway

Cisco 3560
- All workstations and phones on each floor connected to these devices

Future Configuration at our head office:

Cisco 4510r
- Acts as gateway for all current VLANs except DMZ - Server, Workstation, VOIP etc
- Trunked connection to a switch on each floor (Cisco 3560)
- Trunked connection to existing Firewall (Netscreen 50) which should be this office's access to the internet.
- Trunked connection to ISP Switch for Bridge service between buildings

NetScreen 50
- Has one port connecting to the ISP Router (ISP Managed Device) to Internet
- Has one port connecting to 4510 trunk port (For all VLANs except DMZ)
- Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ VLAN's gateway
- ISP Managed Device

Cisco 3560
- All workstations and phones on each floor connected to these devices


Future Configuration at the new remote server hosting facility:

Cisco 3750
- Trunked connection to Firewall (Netscreen ??) which is the remote location's access to the internet. This will also be the incoming connection for all SMTP traffic
- Trunked connection to the ISP managed switch for Bridged service between the buildings
- All servers connected to this device

NetScreen ??
- Has one port connecting to the ISP Router to Internet
- Has one port connecting to 4510 trunk port (For all VLANs except DMZ)
- Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ VLAN's gateway


Future Configuration for bridged services between sites:
While I don't have exact configuration information, the ISP has
explained that they have configured a bridged "service" allowing us to
extend all VLANs to the other location. The only other info that they
have mentioned is that they are utilizing an ATM cloud.

I apologize if I have provided too much info for the questions. Again,
any assistance would be appreciated.


