02-24-2013 09:53 PM - edited 03-03-2019 06:59 AM
Hello All,
My name is Sagar. I am new to design. I have been asked to redesign our primary data center and build a new DR data center. So I have been working to understand the existing DC, which is completely scattered with too many unnecessary configs. The DC is not at all big; it only consists of two 4500 core switches, two 5520 ASAs in an HA pair, and one SP-managed EVPN router. And it has a couple of servers (apps) which are required to run the business.
So far I have understood a bit of the routing and switching. But I am facing a problem with the traffic flow for the servers, as I am unable to get the server details properly.
Can someone help me to get the details of the servers, i.e. what information about the servers is necessary for me to complete this work so the same can be replicated to the DR data center?
I had requested these fields first, but it didn't help me.
Location | Server | Application | URL | Internal IP | Public IP | DMZ/Corp |
Then I requested the details below, but I haven't got any answers for this yet.
Name | Type | Description | Application | Principal Role | Secondaries Roles | Access By |
If you could please send me the details you would request, and how you would proceed further if you were asked to do the same, it would be very helpful.
Thanks
Sagar
02-27-2013 05:26 PM
Sagar,
Are you building a new DR site from scratch or are you redesigning an existing site? You may not need all of that information you're looking for. In reality, for a network to be reconfigured you need a detailed list of IP addresses (public and internal), and these you should be able to get from the ARP table (show arp) and by looking at the configurations on your routers and firewalls where the public NAT translations work. Once you have the listing of IP addresses it should allow you to create the Layer 3 VLANs, add in your routing protocols, and begin the design process.
You should not need to use the application data unless you're configuring the ACLs on your firewalls. However, you can also do this by running some logging on your ACLs to narrow down the ports and protocols. That is a much more difficult process, but in the end you may need to get a project together and get senior management involved to help get some of your questions answered.
Let me know if you have more questions; this can be a time-consuming process. Please let me know if this is a completely new DR site or a rebuild of an existing one.
-Toby
Remember to please rate any helpful comment or post.
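The three sources Toby names (the ARP table, the firewall's NAT statements, and logging on the ACLs) can be joined into a single per-server inventory. The script below is an added example, not code from the thread or from Cisco: it parses constructed samples of IOS `show arp` output, ASA 8.2-style `static` NAT lines and ASA syslog 106100 messages (the ones an ACL entry with the `log` keyword produces), and for each learned host records its VLAN, security zone, public address, what it talks to and what it serves. All addresses, MACs, interface names and hit counts are invented; the 106100 field layout follows the documented message format.

```python
import re
from collections import defaultdict

# Constructed 'show arp' output in IOS format (not taken from the thread).
# Entries whose Age column is '-' are the switch's own SVI addresses, so they
# are skipped: only learned entries are hosts.
SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.1              -   0011.2233.4455  ARPA   Vlan10
Internet  10.10.10.21             5   0011.2233.aabb  ARPA   Vlan10
Internet  10.10.10.22            17   0011.2233.aacc  ARPA   Vlan10
Internet  10.10.20.1              -   0011.2233.4466  ARPA   Vlan20
Internet  10.10.20.15            12   0011.2233.ccdd  ARPA   Vlan20
"""

# Constructed ASA 8.2-style static NAT lines; 203.0.113.0/24 is a documentation
# range, so these map no real hosts.
ASA_NAT = """\
static (inside,outside) 203.0.113.10 10.10.10.21 netmask 255.255.255.255
static (dmz,outside) 203.0.113.20 10.10.20.15 netmask 255.255.255.255
"""

# Constructed ASA syslog 106100 messages, the kind produced by ACL entries that
# carry the 'log' keyword. Field layout follows the documented message format.
ASA_ACL_LOG = """\
%ASA-6-106100: access-list inside_in permitted tcp inside/10.10.10.21(51234) -> dmz/10.10.20.15(1433) hit-cnt 1 first hit [0x0, 0x0]
%ASA-6-106100: access-list inside_in permitted tcp inside/10.10.10.21(51240) -> dmz/10.10.20.15(1433) hit-cnt 3 300-second interval [0x0, 0x0]
%ASA-6-106100: access-list inside_in permitted tcp inside/10.10.10.22(40001) -> dmz/10.10.20.15(443) hit-cnt 1 first hit [0x0, 0x0]
%ASA-6-106100: access-list inside_in denied udp inside/10.10.10.22(5000) -> dmz/10.10.20.15(161) hit-cnt 1 first hit [0x0, 0x0]
"""

ARP_RE = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f.]+)\s+ARPA\s+(\S+)", re.M)
NAT_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask", re.M)
LOG_RE = re.compile(
    r"access-list \S+ (permitted|denied) (\w+) "
    r"\w+/([\d.]+)\(\d+\) -> \w+/([\d.]+)\((\d+)\) hit-cnt (\d+)"
)


def parse_arp(text):
    """Map learned IP -> {'mac', 'vlan'}; SVI entries (Age '-') are dropped."""
    hosts = {}
    for ip, age, mac, iface in ARP_RE.findall(text):
        if age != "-":
            hosts[ip] = {"mac": mac, "vlan": iface}
    return hosts


def parse_static_nat(text):
    """Map internal IP -> (security zone, public IP) from static NAT lines."""
    nat = {}
    for inside_if, _outside_if, public_ip, internal_ip in NAT_RE.findall(text):
        nat[internal_ip] = (inside_if, public_ip)
    return nat


def parse_acl_log(text):
    """Sum hit counts per (src, dst, proto, dport), split by permit/deny."""
    flows = defaultdict(lambda: {"permitted": 0, "denied": 0})
    for action, proto, src, dst, dport, hits in LOG_RE.findall(text):
        flows[(src, dst, proto, int(dport))][action] += int(hits)
    return dict(flows)


def build_inventory(arp_text, nat_text, log_text):
    """Join the three sources into one record per learned host."""
    hosts = parse_arp(arp_text)
    nat = parse_static_nat(nat_text)
    flows = parse_acl_log(log_text)
    permitted = [key for key, counts in flows.items() if counts["permitted"]]
    inventory = {}
    for ip, host in hosts.items():
        zone, public_ip = nat.get(ip, (None, None))
        inventory[ip] = {
            "mac": host["mac"],
            "vlan": host["vlan"],
            "zone": zone,
            "public_ip": public_ip,
            # servers this host is a client of: (server, proto, port)
            "talks_to": sorted((d, p, port) for s, d, p, port in permitted if s == ip),
            # services this host offers: (proto, port)
            "serves": sorted({(p, port) for s, d, p, port in permitted if d == ip}),
        }
    return inventory


if __name__ == "__main__":
    for ip, rec in sorted(build_inventory(SHOW_ARP, ASA_NAT, ASA_ACL_LOG).items()):
        print(ip, rec["vlan"], rec["zone"], rec["public_ip"], rec["talks_to"], rec["serves"])
```

Denied flows are kept in the per-flow counters but excluded from `talks_to` and `serves`, so the inventory only records dependencies that actually work today; the denied entries are still worth reviewing before the DR build, since they show what somebody expected to reach. The `show arp` sample must come from whichever device is the default gateway for each VLAN, otherwise hosts behind the firewall will be missing.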
02-27-2013 06:54 PM
Thanks Toby
I am redesigning the primary as it is very scattered with unnecessary VLANs, and redesigning DR as in the current scenario the two don't match at all. The current DR will not work when the primary goes down, so I need to get it working.
I was looking for this kind of information because some subnets are behind the firewall, and the firewall also runs OSPF to exchange routes. Also, the internet link is terminated on the firewall.
I have very little information about the apps running, so I have no idea which apps communicate with which database server on which port (or whatever). Hence I'm looking for this kind of info.
I'm a bit confused about how I can differentiate between server IPs with sh arp, as there will be multiple servers which can be communicating with different servers.
Thanks
Sagar
02-27-2013 09:15 PM
Sagar,
The redesign process is much more difficult than a new build. You obviously have to deal with the current working servers as well as building new zones to help streamline your configurations and overall design. So let's look at your new design in a phased approach, because the overall task is too difficult to tackle if done all at once.
So the first task should be to connect your two sites. I would suggest using a VPN configuration that terminates below each respective site firewall. Once you get your site-to-site GRE tunnel up you can work on building in your dynamic routing between the sites. Since you already have OSPF, it may be a good idea to continue using this protocol. I personally like it and use it when possible to allow for alternate vendor upgrades in future changes. Control your routing by using route maps on your redistribution statements. The goal is to be able to access all networks in both sites via dynamic routing. If access is restricted in firewalls that is fine; the point is you have a network connection.
Next phase, look at re-IPing your network. Plan to use some larger contiguous IP ranges (i.e. 10.0.0.0/20 for prod and 10.1.0.0/20 for DR); this will help for future routing updates as well as allowing you to summarize routes when needed. Equally, you can quickly identify which site the server belongs to by the IP address.
Next phase is clean-up. Do this as you move through the network. Remove unneeded VLANs, routes, ACLs, and other unneeded configs.
Make sure to keep all configs as simple as possible, and you can add detail as needed.
Let me know if this is the info you're looking for and I can get into more detail. Just wanted to get a high level here and see if I was giving you the info you were needing or missing the beat.
-Toby
Please remember to rate any helpful posts.
Sent from Cisco Technical Support Android App
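The re-IP phase above is easier to reason about if the plan is written down as data and checked mechanically. The script below is an added example, not from the thread: it takes the two site blocks Toby suggests (10.0.0.0/20 for prod, 10.1.0.0/20 for DR), carves one /24 per VLAN role out of each in the same order, and provides the three checks a redesign needs: that every VLAN sits inside its site's summary prefix, which site and role an arbitrary address belongs to, and which DR subnet mirrors a given prod subnet. The role names and the /24 carve-up are constructed assumptions; only the two /20 blocks come from the post.

```python
from ipaddress import ip_address, ip_network

# Site blocks as suggested in the thread; the VLAN roles and the /24 carve-up
# are constructed assumptions for illustration.
SITE_BLOCKS = {"prod": ip_network("10.0.0.0/20"), "dr": ip_network("10.1.0.0/20")}
VLAN_ROLES = ["mgmt", "app", "db", "dmz", "users"]


def carve_vlans(site_block, roles, prefixlen=24):
    """Hand out one subnet of the given length per role, in order, from the site block."""
    subnets = list(site_block.subnets(new_prefix=prefixlen))
    if len(roles) > len(subnets):
        raise ValueError(f"{site_block} holds only {len(subnets)} /{prefixlen}s")
    return dict(zip(roles, subnets))


def build_plan():
    """Same role layout at both sites, so DR mirrors prod at a fixed offset."""
    if SITE_BLOCKS["prod"].overlaps(SITE_BLOCKS["dr"]):
        raise ValueError("site blocks overlap; summaries would be ambiguous")
    return {site: carve_vlans(block, VLAN_ROLES) for site, block in SITE_BLOCKS.items()}


def summary_route(site, plan):
    """The single prefix a site advertises; fails if any VLAN falls outside it."""
    block = SITE_BLOCKS[site]
    for role, net in plan[site].items():
        if not net.subnet_of(block):
            raise ValueError(f"{role} VLAN {net} is outside {block}")
    return block


def locate(ip, plan):
    """Return (site, role) for an address, or None if it is outside the plan."""
    addr = ip_address(ip)
    for site, vlans in plan.items():
        for role, net in vlans.items():
            if addr in net:
                return site, role
    return None


def mirror(net, src_site, dst_site):
    """Translate a VLAN at one site to the same offset inside the other site's block."""
    offset = int(net.network_address) - int(SITE_BLOCKS[src_site].network_address)
    base = int(SITE_BLOCKS[dst_site].network_address) + offset
    return ip_network((base, net.prefixlen))


if __name__ == "__main__":
    plan = build_plan()
    for site in plan:
        print(site, "summary", summary_route(site, plan))
        for role, net in plan[site].items():
            print("  ", role, net, "<->", mirror(net, site, "dr" if site == "prod" else "prod"))
    print(locate("10.1.3.77", plan))
```

Because both sites use the same offsets, a server's DR twin is found by arithmetic rather than by a lookup table, which is what makes "identify the site by the IP address" hold up once the plan has a few dozen VLANs. Unused /24s in each /20 are left free for later roles without breaking the summary.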
03-10-2013 09:41 AM
Hi Sagar,
I too had a similar challenge when I was redesigning an existing customer network. I would like to add a few tips that may help you:
1. First gather the Complete inventory
2. Check for EOL & EOS: check if anything can be re-used.
3. Plan for hierarchical design with full redundancy
4. A well-planned IP schema would help you to summarize and make identification easier during troubleshooting
5. Lay down Physical and Logical design
6. Have a clear idea on L2 & L3 traffic flows
7. Plan for proper security boundaries
8. Think of all failure scenarios and their alternate path
9. Plan for good QOS approach based on Customer business needs
10. Note the current design limitations and try to address those in re-design