08-26-2015 04:50 AM - edited 03-08-2019 01:31 AM
Hi all,
I am not sure if the WAN switch here refers to the actual WAN switch used for WAN switching in a carrier network.
I came across a network diagram in which the WAN connection to the internet is directly connected to a switch, instead of a router or firewall.
In the rack
(internet line from isp) ---> [switch @ top of the diagram] --> [router/fw]
                                                            \--->[router/fw2]
In the diagram, the switch above is referred to as the WAN switch.
q1) Why is the switch above called a WAN switch? I am quite sure it is not the kind of WAN switch we are talking about in a carrier network. (Is it then an L2/L3 switch?)
q2) Why is the ISP connection directly connected to the switch instead of a router/fw? What could be the possible reason to have a setup this way?
My guess is that there might be another router/fw (highlighted in red) acting as a standby/secondary connected to the switch, that will take over the primary and its WAN interface IP as soon as the primary is down. Without the switch on top, I will need 2 lines from the ISP. Could this be 1 of the reasons?
P.S. sorry for the vague illustration.
Regards,
Noob
08-27-2015 05:40 AM
Hello,
q1) Why is the switch above called a WAN switch? I am quite sure it is not the kind of WAN switch we are talking about in a carrier network. (Is it then an L2/L3 switch?)
A simple answer to this is because the switch is carrying WAN traffic. It can be an L2 or L3 switch.
q2) Why is the ISP connection directly connected to the switch instead of a router/fw? What could be the possible reason to have a setup this way?
Setting it up this way allows the traffic to be handled by redundant firewalls (2 or more firewalls) in a High Availability configuration, e.g. one firewall dies and the other takes over.
Another reason to set it up this way is for a big company or ISP to handle multiple WAN traffic using the same resource.
Example:
WAN link 1 and WAN link 2 come in and are connected to the "WAN switch", tagged with 10 and 20 respectively. 2 trunks carrying VLAN 10 and 20 are then connected to firewall 1 and firewall 2 respectively, which are in HA. They are then terminated on sub-interfaces dot1q 10 and 20 on the firewall.
Both links can now be used as redundant links, load-balanced links, or links for different departments or different customers, depending on how the firewall is configured and the requirements of the network.
Please mark this post as useful if it answers your question.
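The example in the answer above, sketched as Cisco IOS-style configuration. This is an added illustration, not configuration posted in the thread: the interface names, VLAN names, the unused native VLAN 999 and the 192.0.2.0/24 and 198.51.100.0/24 documentation addresses are all assumptions, and the firewall side is shown as router-style dot1q sub-interfaces.

```cisco
! ---- WAN switch (interface numbers are assumed) ----
vlan 10
 name WAN-LINK-1
vlan 20
 name WAN-LINK-2
vlan 999
 name UNUSED-NATIVE
!
! ISP hand-offs: one untagged access port per WAN link
interface GigabitEthernet0/1
 description WAN link 1 from ISP
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description WAN link 2 from ISP
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
! Trunks to the HA pair: both carry VLAN 10 and 20, nothing else.
! "switchport trunk encapsulation dot1q" is only needed on platforms
! that also support ISL.
interface GigabitEthernet0/23
 description Trunk to firewall 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/24
 description Trunk to firewall 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! ---- Firewall 1 (firewall 2 mirrors this on its own trunk) ----
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.2 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 198.51.100.2 255.255.255.0
```

Because this switch sits outside the firewalls, the trunks are limited to the two WAN VLANs, use an unused native VLAN, and have trunk negotiation disabled so that nothing on the Internet-facing segment can reach other VLANs through it.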
08-28-2015 01:59 AM
Hi James,
Thanks for the reply and sorry for the late response.
Example: WAN link 1 and WAN link 2 come in and are connected to the "WAN switch", tagged with 10 and 20 respectively. 2 trunks carrying VLAN 10 and 20 are then connected to firewall 1 and firewall 2 respectively, which are in HA. They are then terminated on sub-interfaces dot1q 10 and 20 on the firewall. Both links can now be used as redundant links, load-balanced links, or links for different departments or different customers, depending on how the firewall is configured and the requirements of the network.
q1) Can a single switch have 2 trunks that are carrying the same VLAN traffic?
Regards,
Noob
08-28-2015 03:31 AM
Yes.
I recommend getting some switches and playing with them.
08-28-2015 11:53 AM
Hi James,
In such a design below, are we able to configure HSRP for R0 and R1 so that if R0 fails, the route to/from the ISP can still go to R1?
I have understood that HSRP needs to have a virtual IP, but I have only been assigned 1 IP (202.100.100.102) by the ISP for the point-to-point connection.
In that case, what should I set for the actual IPs on the R0 and R1 fa0/0 interfaces?
Can I use dummy IPs/subnet for the R0 and R1 fa0/0 interfaces?
Regards,
Noob