08-18-2020 07:45 PM
Hi,
I notice some network have dual home servers.They access the DC server via network card 2 and they aslo access by using network 1 as per below diagram Existing network portion. Some servers of some network used one network card or sometime NIC teaming like Change Plan Network.
Somebody told that existing network is better for security.
Somebody told that Change Plan Network is better security and performance.
So i very confuse. Please let me know what is the pros and con of below two network and which is the more better for security ?
Solved! Go to Solution.
08-20-2020 01:50 AM
Using the L3 switch for the routing is the better with regards to security, this is becuase you are reducing the number of network devices you need manage, number of different software images (and OS installs in the case of using the server) and therefore overall attack surface of network infrastructure.
cheers,
Seb.
08-19-2020 01:35 AM
Hi there,
When I first saw current topology I initial thought you were using the server to provide a route around your network devices, but since the L3 switch is operating a Layer2 this is not the case. The server is being used as just a router. Nothing wrong with that.
However the 'change plan' is the preferred topology simply because you are using the switch to perform the routing. This will have far greater performance than the server. If you ever needed to increase the throughput to your firewalls it would be simple to allocate ports on the switch for etherchannels, therefore giving better scalability. Using the server you would be probably require additional NICs to be installed, this may not be possible dependant on platform.
cheers,
Seb.
08-19-2020 07:17 PM
Hi,
Thanks. if security point of view which one is more better ?
08-20-2020 01:50 AM
Using the L3 switch for the routing is the better with regards to security, this is becuase you are reducing the number of network devices you need manage, number of different software images (and OS installs in the case of using the server) and therefore overall attack surface of network infrastructure.
cheers,
Seb.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide