Fully redundant Data center design

paulmon07
Level 1

Hi Everyone,

I'd like to know please if someone can check this drawing and point out what might be wrong with it... I'm assuming there's more than 1 thing wrong of course here as I'm only starting out learning networking, but would like to learn where I've gone wrong.

Here are the key points for the exercise

1. A pair of 6506E switches for resiliency in the DC will act as the core and aggregation layers with LBs included providing a throughput of 8Gbps which can be increased to 16Gbps

2. 6 x 4948 switches to be utilized in a “Top of Rack” design feeding back to the aggregation layer. Servers are required to have 1 port connectivity only so port count density for dual homing has not been accounted for

3. A Cisco terminal server will connect via PSTN line to allow remote support

4. The DC will be connected to the customer MPLS network via a redundant solution using E3 links for POP diversity and WAN FWs

5. Internet access will be ensured via a global managed internet services 1G connection using Cisco 2800

Any feedback is most welcome so thank you in advance

Regards,

Paul


Gregory Snipes
Level 4

Hi Paul,

If you could generally clarify how this is configured, particularly where your layer 2/3 boundaries will be, that would be helpful in analysing this. Here are a few things that jump out at me.

1. What is the purpose of the cluster of three 4948s between the 6500s and the edge routers?

2. Why do you have firewalls on your WAN connection and not your Internet connection?

3. Is this network all in one location (room)? If so you should probably get a small switch (could be a cheap dumb switch) and spin up an OOB management network to hook your terminal server and an OOB connection from each device to.

I hit the add reply button and more details magically appear, well played sir.

If the 4948s are to be TOR access switches they should probably not be sitting between the cores and the edge routers. I would run the edge routers directly into the cores. Also since you will want redundancy the access switches should have a link to each of the cores, preferably each one having direct links back without daisy chaining.

Hi Greg,

Thanks for your recommendations. I have updated the original doc, hopefully this now looks more realistic. I also changed the access routers from 6 to 3 as the instructions for this seem to state both, but I'm pretty sure it should be 3 only as we have a port requirement of 140.

That's looking a lot better.

You may want to increase the access switches to 4 for redundancy purposes. That way you redundantly connect your servers to matched pairs of switches. You could do kind of a round robin three way split kind of thing, but that can get really confusing during troubleshooting.

Are you going to be going with layer 2 at the access layer and terminate all of your SVIs on the 6500s? If so, you should not need the link between the access switches as there is really no scenario in which that will ever be an active link.

Thanks again Greg. I will of course take on board the other points you've raised, unfortunately this task only gave us a brief written scenario so I guess we will discuss more specifics when presenting our designs.

Adnan Fakruddin
Level 1

Hey Paul,

A few thoughts which came to my mind were:

1. Would you be needing a DMZ for web servers, etc.?

2. What about an internal firewall for local LAN users? It is usually a good idea that local users also have a FW before they reach the DC servers.

Hi Adnan,

Thanks for your response. This is just a scenario that has been presented to me for training so there was no mention of a DMZ or about any further FWs, just the 2 were listed and so I put them where I did. I have updated the Visio now after Greg's advice... not sure if it's looking more realistic now.
