Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
0
Replies

Migration feedback server switch

Kn1ghtR1d3rOfD00m
Level 1
Level 1

‎06-29-2019 11:10 AM

Hi team,

 

Im not sure if this is the right spot to post this, but Im kind of desperate on how to get any ideas on how I can achieve a LAN migration of servers inside the data center.

 

Let me give a bit of a background, we have 2 Infras, meaning the old infra is with Fortinet acting as a gateways for the LAN and Server LAN

and the new infra composed by Cisco 6500 and a couple of firewalls cisco ASA

While we get at some point to get rid of the old normal LAN traffic from fortinet to Cisco, during that process, some users in the new infra needed to access old LAN so we decided to put between the Fortinet and the Cisco a 2 sets of Cisco ASA acting kind of a DMZ so both infras can share resources, 

 

now, all has been migrated but there is still the Server LAN that is still in the Fortinet

 

THe fortinet is the gateway and then via trunk connected to the server access switch 

 

The problem is that the person from architecture is no longer in the company, where he decided at some point to connect a couple of links between the old server switch and the new server switch in the new infra.

 

I could simply do the same process as the others subnets in the past, but that is a long history, simply put, Information services dept and servers team have a cloud solution, but this is the only LAN pending where they state it in the process due to other factors and it will be completed within 2 years, 

So, another heck in my neck is that we are remodeling the data center where the old infra resides, so instead of unacking and mounting back again the old infra, I want to see the possibility to move the LAN from the old infra to the new infra using the same subnet while the other teams finish sometime the migration to the cloud solution.

 

the benefits would be on my side because I can get rid of the old switches and fortinets once and for all and not messing around with a huge cabling management because I would have to disconnect and reconnect everything which I see useless, 

 

Sorry that was a bit of a background in case you were wondering why I want to make this "brilliant" idea.

 

So, my idea is to move the gateway from the fortinet to the Cisco 6500. 

 

My plan is this:

 

Remove fortinets, 

Remove the first 4 switches acting as the MAN and WAN.- 

Remove static routes from Cisco 6500 pointing to Cisco P2P ASAs - Reason: Currently traffic from users in new Infra has to traverse CIsco 6500, passes to Cisco ASA P2P and get to the fortinet in order to reach the legacy server subnet.

Keep the server switches - at least there will be 2 switches only instead of moving a lot of fortinets, 4 big old switches.

or Remove server switches 

Create SVI in the core 6500 for the same subnet- obviously, this subnet does not have to exist in the global routing, which does not, so users in the new infra can reach directly to the gateway in the new Core 6500 switch

 

 

note: new server subnet for services that resides locally, the gateway are in the cluster ASA shown in the image. another method would be to move the gateway from fortinet to the server FW ASA, but managers dont want because we are migrating to PALO ALTO so that FW will disappear, so you see, im stuck in which way I should take.

 

note: this method overpasses both in security perspective and design, I know, but this will be and can be as a temp solution while the rest and owner of the servers complete the migration process to the cloud solution.

 

Note: the old server subnet in the 192.168.1.0/24 only has 4 hots servers :( 

 

so in summary, 

 

Could I connect the 2 old servers switches in trunk and create a SVI in the Cisco 6500 without worrying about the underlying connection between the old servers switches and the CIsco UCS? like in this figure ?

 

I dont want to use the CIsco ASA in cluster

 

DATACENTER_QUESTION2.PNG

 

 

 

I know its a bit odd this question cause its more oriented in design perspective, but I wanted to know if you can possibly help me to understand if Im correct what Im planning to do so I can avoid lesser impact on the users using the still remaining old servers, 

 

So the new traffic should come from the normal LAN (not LAN legacy) and the traffic goes to the 6500 (gateway) reaching the trunk to the old servers switches (and bypassing the Cisco ASA)

 

Could that be feasible so I can then remove the bunch of cabling and old big routers and old 4948? 

This is a temp workaround of course

 

In the image attached there is the current connection setup as well, and the new one I want to achieve is above

 

Can I have your ideas please? or let me know if this type of questions is destined to other forum but as you can imagine Im desperate, 

Regards, 

 

 

Preview file
213 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card