
Office network design ideas..

sharwal
Level 1

Hey all, we are upgrading to a Cisco network and wanted some input on our possible network design...

Currently we have:

A Juniper SSG 140 and IDP for our firewall and IDS

3com (layer2/3) switches for our desktops

2 Dell PowerConnect 5424 switches for our servers and firewalls

2 Dell PowerConnect 5424 switches (separate network) for our SAN/VM hosts

This is what we are thinking of for our next solution

ASA 5512 for our firewall (I read we could possibly get a 25% performance speed improvement for user VPN connections?)

2 WS-C3750x-48t-e (I think this does Layer 2/3) for our desktops

2 WS-C3750x-48t-e for our firewalls/servers

2 WS-C3750x-24P-L for our SAN/VM hosts

The problem is different network services providers who are going to implement this for us are giving us different solutions

Some desktop 3560X for desktops and 4948 for servers and others are telling me 3750x for desktops and Nexus 3048 switches for SAN

Some are telling me we can keep SAN+VM+core traffic on the same switches and just separate them with VLANs while others are telling me we should get separate switches for them

Basically, we just want an improved improvement with better PERFORMANCE and REDUNDANCY (esp with our core + SAN/VM traffic) without going overboard and spending a ton of money

More thoughts:

We need Layer 2/3 switches for core + SAN

Do we need 10G ports?

Let me know your thoughts...

9 Replies

Marwan ALshawi
VIP Alumni

Hi There,

the hardware selection actually depends on the network/site topology, number of users, traffic load and more other factors

this is for IP network, for SAN do you mean iscsi, FCoE or pure FC SAN because these are different things and may change the HW selection,

in general 3560 are good for access switches and 3750 provide same capabilities with improved performance and support for StackWise ( 3750 is a good option especially if you are planning to stack them )

for L3 it is supported on both but consider the license/image you buy with regard to the features you need

nexus for Data center switch are the best as they are designed for data center switching however you need to know, port density, 1G or 10G, do you need any FC SAN, DC load/capacity, any L3 function is required and future growth then you can decide if Nexus 3K or 5K is good for you or not

N5K

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
N3K

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/at_a_glance_c45-648255.pdf

if you have a network topology with more details of what you need, post it here for more discussions

hope this helps

if helpful rate

ALIAOF_
Level 6

Like mentioned before hardware selection really depends on how everything is setup, will be setup, number of users, bandwidth requirements, existing server hardware, future growth options etc.

For SAN and databases usually 4948 E can work out pretty well because of their large buffer size as compared to 3750x and 3560x.  I personally think 3560x or 2960's are ok for average desktop users.  3560x's can also work out pretty good for the normal servers.  3750x's can be stacked so unless you are planning on stacking them no sense wasting money on them.  Considering the hardware you have now I think going to like couple of 4948 E's (you can setup HSRP or GLBP) for SAN/VM and then 3560x's for servers and 2960's for the desktop may be good.  Again it all depends on number of users, server, SAN, future growth requirements etc.

Nexus switches are great but certainly more expensive. Do you really need them? Well, it is difficult to decide that not knowing the exact needs/requirements.

Hope this helps.  Good luck with your upgrade.  5512x has pretty nice specs by the way. 

What does stacking do and why is it good?

What are the benefits of HSRP / GLBP?

Can I get 2 3750X and put the SAN/servers/firewalls on them?

Does 5512 and 5515 have the same redundancy/HA capabilities?

We have 20 users    

Thanks

if you have 20 users only, then your network is small one and stack of 3750 might be sufficient

for the SAN not sure what it does use, is it iSCSI over IP or pure Fibre Channel, this determines the type of port/media required for you

stackwise:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/prod_white_paper09186a00801b096a.html

if you use single stack of 3750 switch you do not need any FHRP such as HSRP however if you connect them using traditional method over L2 trunk then a FHRP method is needed in this case

HSRP vs glbp

https://learningnetwork.cisco.com/thread/14776

hope this helps

pls rate the helpful posts

Stacking will basically make two switches act like one, I'm not really a fan of it but that is my personal opinion. 

1- if I have to upgrade two switches it will take forever because the upgrade process is sequential so until the whole stack is upgraded both switches will be down.  If you have 3 stacked all 3 will be done and so on. 

2- I went with 4948E's because their performance specs are so much better than 3750x's and price is almost the same.  Of course it requires extra configuration as they do not support stacking so you have to setup GLBP, HSRP etc.

Cisco 5512-x looks like it will not do the VPN load balancing.  Here are the specs on its load balancing:

http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/wizard_ha.pdf

Hope this helps.

3750-X might be fine for your servers. The buffering is not great, but might be sufficient. Advise you use latest IOS if worried about per-port egress buffers. Do you even need deep buffers? If TCP, then this might handle any packet loss sufficiently for your applications.

10-to-1GbE contention is one reason, but if you are not using 10GbE uplinks, then you shouldn't be getting any ingress 10Gbps traffic bursts to your 1GbE egress switchports. And 3750-X isn't designed to terminate 10GbE servers directly, although it is possible to do so.

Some trading floor and video applications need good buffers too, but I've not dealt with those scenarios.

4948E is great for server connectivity, but not stackable and more expensive. Many companies do use 3750-Xs for server connectivity. Just depends on your specific requirements.

Sorry for the delay everyone....here is where we are at now, let me know your thoughts

1941 router for 3G connection and BGP

2960S - 8 port switch between firewall and ISP router

2960S-48 port for desktops

3750X 48 port for servers/firewalls/core

3750X 24 port for SAN/VM traffic

ASA 5515X firewalls

Ok, so here is the issue I am having, I believe our ISPs already provide routers, so do I need my own routers to do BGP? Do I even need BGP?

Right now this is what I think our design should be....

Primary internet line router --> 1941 router --> 2960 8 port switch --> ASA 5515

Backup internet line router --> 1941 router --> 2960 8 port switch --> ASA 5515

and then of course redundancy/BGP between the two...

Let me know your thoughts

I would speak to your ISP again and find out more about their service. If they are installing routers within your premises, then I presume it's a fully managed service. I would think they have clear requirements for your side of things and how they envisage the primary/backup circuits will operate.

Once you know more, then you can start looking at the ASAs and how they will interact with the switches and BGP routers in terms of routing, HSRP etc.

as stated in the above post you need to find out from the ISP what is the way they are using from the both WAN and LAN sides

however from the LAN side i would say you can request the desired method that you believe you need it

for example exchange IGP routing with the WAN routers such as OSPF, or using a shared LAN/VLAN between the Routers and Firewalls using HSRP in the routers and failover in the Firewalls and both sides use static routes that point to the next hop VIP

hope this helps
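
The shared-VLAN option described in the last reply, sketched as an added configuration example (it is not from the thread or from any poster): two edge routers run HSRP on the VLAN they share with an ASA active/standby pair, and each side points a static route at the other side's floating address. All addresses (RFC 5737 documentation range plus a made-up inside subnet), interface names, the HSRP group number and the key placeholder are assumptions.

```cisco
! ---- Edge router A (preferred HSRP active) ----
track 1 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/1
 description Shared VLAN towards the firewalls
 ip address 192.0.2.2 255.255.255.248
 standby version 2
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate HSRP hellos so another host on the VLAN
 ! cannot claim the virtual IP (key is a placeholder)
 standby 1 authentication md5 key-string <HSRP-KEY>
 ! Drop below router B's priority if the WAN uplink goes down
 standby 1 track 1 decrement 20
!
! Inside networks are reached via the ASA's active address
ip route 10.10.0.0 255.255.0.0 192.0.2.4

! ---- Edge router B (HSRP standby, default priority 100) ----
interface GigabitEthernet0/1
 description Shared VLAN towards the firewalls
 ip address 192.0.2.3 255.255.255.248
 standby version 2
 standby 1 ip 192.0.2.1
 standby 1 preempt
 standby 1 authentication md5 key-string <HSRP-KEY>
!
ip route 10.10.0.0 255.255.0.0 192.0.2.4

! ---- ASA pair (configured on the primary unit) ----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ! The active unit always owns .4; the standby unit uses .5
 ip address 192.0.2.4 255.255.255.248 standby 192.0.2.5
!
! Default route points at the HSRP virtual IP, not a physical router
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

With this layout a router failure moves 192.0.2.1 to the surviving router and a firewall failover moves 192.0.2.4 to the surviving ASA, so neither side's static route has to change.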