Datacenter routing

dan.sellberg · ‎02-22-2013

Hi,

I have a problem to solve in our datacenter, see attached drawing.

HW: Our core switches consists of two stacked C3750 with ip routing.

What I want to do is probably simple but I haven't been able to figure out the best method.

VLAN10 and VLAN20 should not be able to communicate with each other. (ACLs?)
VLAN10 will have it's own default route/firewall.
Both VLAN10 and VLAN20 should be able to send server backups to server in VLAN30.
All 3 VLANs come in on a trunk from a pair of stacked C2960-S.
I need it to be able to scale if we have 50 VLANs for instance, hopefully without long compicated ACLs.

I've been considering VRF's, PBR but can't decide what's the simplest solution to this problem. I have never done this before so I would prefer to start off on the right foot.

This has been solved by many before me so I'm hoping somene has a "blueprint". i would prefer if this can be solved with the hardware we have but if not, what do I need?

Any advice would be highly appreciated.

Regards,

Dan

Vivek Ganapathi · ‎02-25-2013

Hello Dan,

There would be 2 options to sort this out.

Option 1

Extend the default GW to the firewalls. Making the stacked 3750's merely a Layer 2 switch. By doing this you avoid the hassles of configuring cisco ACLs etc. All Inter-VLAN traffic can be controlled using Firewall rules.

Option 2

VLAN 10 will have it's own gateway to route out. VLAN 20, 30 will have its own. To achieve this, you can use the VRF Lite feature.

With any of the above options, i dont feel you need a hardware change. But may require an IOS upgrade to support VRF Lite on your 3750's.

Do let me know if you need any further information.

Hope this Helps.

Regards

Vivek