01-11-2007 10:25 AM - edited 03-03-2019 03:20 PM
I am looking for some advice. I will try to be as detailed as possible, but I'm sure I will leave out something important. I work for a medium size web hosting company; we currently have a /18 and
Our network infrastructure is extremely flat: we get the hand off from our provider, it goes to our pix525 and pix525 fail over (the PIXes do the static routing of the /18), and then the connection gets dropped to a pair of 3508's that give uplinks to our four racks. This infrastructure has worked well for the past 3 or so years, but now we are having major ARP issues with the PIX. Basically, because the /18 isn't subnetted (and for now, and argument's sake, let's say it can't be), the PIX has to handle all the ARP requests. If I clear arp in the pix, 5 seconds later I will have 5k entries (I also found out that the max arp on a pix is 8192, if anyone was curious). So we are looking for a solution to band-aid our problem until subnetting can be properly done (it will take at least a year to do). My question is: what would be the best method to offload the ARP / routing of the pix and handle the number of addresses in a /18? (Currently we do about 80/mbs and about 8-10k connections on the pix.)
Three choices that I was looking at were a
7204VXR NPE-400 with 2 PA-GE cards
Catalyst WS-C4948-S
Catalyst 3750
Can anyone chime in with their recommendations on what potentially we could do to mitigate this issue? As always money is an issue so the cheaper the better.
Thanks for the help
01-11-2007 10:49 AM
Without knowing more about the design of your network, I would lean towards the 4948. We use it in our datacenter for segmenting server VLANs at the distribution layer. We have had no problems with them and it has good performance for a stackable switch. I think the 3750 is a little underpowered for you. The 7200 would work, but it may not fit well in the future design of your network. The 4948 can handle your address space and can be the L3 for your VLANs. Get a pair of them and put them to work!
Quick Specs on the 4948--
Performance and Switching Specifications
• 96 Gbps nonblocking switch fabric
• 72 Mpps Layer 2 Forwarding (hardware)
• 72 Mpps Layer 3 and 4 forwarding-IP routing, Cisco Express Forwarding-based (hardware)
• Layer 2-4 hardware-based switch engine (application-specific integrated circuit [ASIC]-based)
• Unicast and multicast routing entries: 32,000
• Support for 2048 active VLANs and 4096 VLAN IDs per switch
• Layer 2 multicast addresses: 16,384
• MAC addresses: 32,768
• Policers: 512 ingress and 512 egress
• ACL or quality-of-service (QoS) entries: 32,000
• Uplinks: 4 alternatively wired SFP ports with (Gigabit EtherChannel) support
• Latency: 6 microseconds for 64-byte packets
• Switched virtual interfaces (SVIs): 2048
• STP instances: 1500
• Internet Group Management Protocol (IGMP) snooping entries: 8000
HTH and please rate.
01-11-2007 11:40 AM
Thanks for the reply. As for the design of our network, really there isn't much of one other than being completely flat:
1x3508 incoming hands off to
2xPIX525UR that do firewalling / routing, hands off to
2xCatalyst 3508's which give uplink to 4 3548's, no VLANs etc., just one static route. At this exact point in time we can't subnet (for a number of reasons, so we're somewhat limited).
Since we are only doing static routing (all the machines and IPs are literally 4 ft away), could we get by with a
Catalyst WS-C4948-S (vs the Catalyst WS-C4948-e)?
Again thanks for your help / insight
01-11-2007 01:56 PM
You might want to consider the 'E'. Once you implement VLANs you will want a routing protocol for inter-VLAN communications. The base supports RIP, but I would think you would want EIGRP/OSPF.