
Correct 2960 for small datacentre

PHarrisonCWSI
Level 1

Hi guys,

I'll try to keep this as short as possible, any pointers and thoughts appreciated!

I have two cabinets in a datacentre (with 12 CAT5 links available between them), at the moment I just have a single firewall and a very basic 3Com 2824 unmanaged gigabit switch in each cabinet that are connected together.  This works perfectly as the traffic use is very light and is typically server->firewall->Internet rather than too much heavy inter-server traffic.

I want to improve the redundancy and reliability however.  So I plan to get two Fortigate firewalls, put them in a HA cluster and have one in each cabinet with connections to the WAN.  The servers are all VMware so have multiple NICs teamed.  The last bit then is between the VMware host servers and the firewalls - the switches.  I'd like to have each server connected to two switches to give multiple paths, so I'm looking at two switches per cabinet.  From doing a fair bit of reading it looks like I'll have no problem with this, STP should be able to sort out the multiple routes to whichever firewall is the active member at the time.  There will be some need for basic VLANing as I would like to separate management traffic and certain servers; I wouldn't expect to exceed 5-10 VLANs.

As I said the traffic is very light and from what I can tell I don't require any "fancy" features, and given that I need to buy four switches I'm trying to choose a switch that is reliable but will do the job and not much more.  If we experience growth down the road then we can buy more expensive switches then.  So I've been looking at the WS-C2960-48TT-S and the WS-C2960-48TT-L, the first using the LAN Lite software while the second uses the LAN Base.  The LAN Base version is virtually twice the price so I'm wondering if there are any features of LAN Base that are required in my scenario, does anybody have any thoughts?  I've done quite a bit of reading but cannot really see a reason why LAN Lite should not work fine, but don't want to discover I missed something when it is too late.

All input appreciated!

16 Replies

The differences are noted in the 2960 Q&A:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-577519.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Karsten, Reza, those two links are exactly what I was looking for, thanks!

So this of course raises another question from me.  Most of the LAN Base features we will not need, the ones I would be concerned about are Flex Link and Link State Tracking which are not available in LAN Lite.  The main purpose of all this is that if a switch fails VMware can route traffic to the second switch, and if a firewall in the firewall cluster fails (in which case the passive firewall node takes over the MAC of the primary) the switches will realise that the MAC address has "moved" and route traffic there.  Now I "assume" I can do this with regular STP so don't necessarily need Flex Link or Link State Tracking but maybe you could confirm this for me if you know the answer?  My understanding is FlexLink would be faster than STP in failing-over but to be honest the speed of failover isn't a big deal, it just needs to happen within a few minutes.  Any thoughts on this?  Obviously if I cannot get this failover working there'd be no point going for multiple switches in each cabinet so I need to get this part right.

Thanks VERY much for the help so far!
