Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
1
Replies

VLAN and ASA/Router question

LMADAdmin
Level 1
Level 1

‎11-19-2010 06:55 AM - edited ‎03-06-2019 02:08 PM

We have a suggested setup from an consultant and I am thinking there is a big probllem with it. Let me lay out our situation and please tell me if you agree:

Current Setup:

PIX firewall

Dell 1 GB/s switches, 1 (default) vlan

Suggested setup:

5510(no additional modules)

     1 Port for outside

     1 Port for DMZ

     1 Port for Internal, VLAN'd to 6 VLAn plus native VLAN

10 GB/s switches for servers, 1 GB/s for users

All backup servers on the server VLAN and half thier targets another VLAN (both on 10 GB/s switches)

To me it seems like we will be pushing half the backup traffic through the 100 MB/s port of the ASA (to get to the other VLAN) putting a severe bottleneck on our traffic. Or am I wrong? I know I coud get a module and give us (4) GB/s ports but thats still 1/10 of the switch speed.

Thanks for the help. Once upon a time I took a CCNA course but that was decade ago and I am woefully out of practice.

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎11-19-2010 07:44 AM 

LMADAdmin wrote:
We have a suggested setup from an consultant and I am thinking there is a big probllem with it. Let me lay out our situation and please tell me if you agree:
Current Setup:
PIX firewall
Dell 1 GB/s switches, 1 (default) vlan
Suggested setup:
5510(no additional modules)
     1 Port for outside
     1 Port for DMZ
     1 Port for Internal, VLAN'd to 6 VLAn plus native VLAN
10 GB/s switches for servers, 1 GB/s for users
All backup servers on the server VLAN and half thier targets another VLAN (both on 10 GB/s switches)
To me it seems like we will be pushing half the backup traffic through the 100 MB/s port of the ASA (to get to the other VLAN) putting a severe bottleneck on our traffic. Or am I wrong? I know I coud get a module and give us (4) GB/s ports but thats still 1/10 of the switch speed.
Thanks for the help. Once upon a time I took a CCNA course but that was decade ago and I am woefully out of practice.

You are not necessarily wrong. Inter-vlan routing off an ASA is usually a bad idea anyway except for very small networks. If you want to inter-vlan route efficiently then use a L3 switch because that is exactly what they were designed for.

If you can't afford a L3 switch espcially a 10Gbps L3 switch then make the 2 vlans one vlan with one subnet. It's not very efficient but it would be a whole lot better than using the ASA, especially as you are using the ASA for routing other vlans too.

Having said that when do the backups happen ie. are they out of hours. And just how much data is being backed up ? . Just because you have 10Gbps switches doesn't mean you are pushing that amount of traffic.

Has the consultant worked out the amount of data for backup which would then allow you to estimate the time taken to do the backups via the ASA ?

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card