Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
724
Views
0
Helpful
4
Replies

Internet Edge Re-design

NETAD
Level 4
Level 4

‎02-05-2020 04:39 PM

Hello, we are planning to redesign our internet and this time instead of leveraging the dist/core switch for connecting the firewall and WAN throught L2/L3, there was a suggestion made to place a breakout switch between the core switch, the firewalls and the ISP. For better segregation and throughput.

I need insight and security best practices here please.

1-Im planning to use L3 links between the core and the break out switch in a separate VRF and turn on EIGRP on those

2-use static routes to the firewall

3-L2 vlan for the firewall outside interfaces, and the ISP.

4-is 9300 breakout switch going to offer better throughput for us in this scenario?

5-do I have a solid design here
Labels:
Preview file
175 KB
0 Helpful
4 Replies 4

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎02-05-2020 05:20 PM

Hi,

 

I would suggest to rely on layer 2 VLANS on the breakout switch instead if going with VRFs. With VRF, you will then required some route leaking between LAN interfaces in global VRF and VRF for wan routers.

 

Having a breakout switch is good idea, you are saving good interfaces and adding some flexibility to have option for creating subinterfaces. 

 

For the throughput, how much will be the aggregated bandwidth for Internet and WAN links you will be having?. It will be most likely way less than the throughput of the 9300 switch.

0 Helpful

NETAD
Level 4
Level 4
In response to Muhammad Awais Khan

‎02-05-2020 07:13 PM

Thanks Muhamad, are you suggesting L2 vlans just for the complexity of the config on the breakout switch?

 

couple ASRs will hang off of the 9ks for Connectivity to the DC and the internet circuit. The pipes range from 150 mbps to 500 I believe.

0 Helpful

NETAD
Level 4
Level 4
In response to Muhammad Awais Khan

‎02-26-2020 10:00 AM

Hi Muhamad, what are the benefits for having a L3 breakout switch instead of L2
0 Helpful

Muhammad Awais Khan
Cisco Employee
Cisco Employee
In response to NETAD

‎02-26-2020 03:54 PM

apologizing fo rmissing your comment. L3 breakouts will add more subnets for you which will add more complexity in your design and you have to then add Routing protocols also.

 

L2 Breakouts will help you also for HA on the ASR side in future, especially if you configure HSRP , which can be possible with L3 Breakout switch but you may endup increase interaces on the Switch side.

 

In summary, both will work but L3 will increase some extra configuration and overheads for you interms of Routing and additional subnets while L2 will make your Edge side simpler

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card