In the beginning stages of a datacenter migration, I am trying to uncover best methods for deploying a large-scale datacenter in a secure Layer 2 and 3 environment.
The end goal here is to achieve not only broadcast domain segregation, but also IP address control and management, all while trying to minimize administrative and technical overhead.
The existing network is built on 5505, 3550 and 2950 edge aggregation switches, terminated on a 6506 core switch.
The existing infrastructure includes more than 2000 individual servers and growing rapidly; this design must be scalable (with obvious network growth) into the tens of thousands of servers.
I have reviewed a number of methods to achieve this; the most appealing (for IP utilization) seems to be Cisco's pVLAN implementations with IP access lists to prevent malicious or inadvertent IP theft. Unfortunately, according to the Cisco docs I've read, this feature is not supported in the 5500 series devices, or fully in many of the lower level devices mentioned above.
If anybody can point me in the right direction for existing or proposed solutions, ideally utilizing this infrastructure, and minimizing system load and administration, I would greatly appreciate it.
Regards,
Anthony