Does the configuration my ISP provided make sense? If so, how should I configure my Cisco switches to properly utilize the Bridge being implemented with a connection to the internet at each building?

Hi all,

I am quite new to the world of networking and have just started a new job which is smack dab in the middle of a major project. The goal of this project is to migrate all physical server hardware to VMware virtual servers as well as migrate those new virtual servers to a secure location hosted by another company (our ISP). My understanding is that the future network is being provisioned based on the requirement that we are able to fail over to our head office in the case of a major failure at either the remote host site or the connection between the two buildings. Basically, the requirement that was stated was that we shouldn't have to change the IP address of the servers when we fail over the servers (all virtual server images and data stored on SAN and mirrored across to other building).

I have the following questions, based on this info (thanks in advance):

  1. Does this configuration make sense? (I suppose it may be too late to change the contract with the ISP, but I would like your opinions anyway. Positives/negatives.) The reason I ask is that even with my knowledge, something sounds fishy. Did we really have to go with a bridged solution? Couldn't we have created the same VLANs (utilizing the same subnets on each side) and had routers NAT the traffic between the sites?

  2. How should I configure the local and remote core switches to not only allow for traffic to flow between the buildings but also allow for all outgoing Internet traffic to flow through the local ISP connection at each office? I would like to configure it to keep traffic from traversing the pipe between the offices wherever possible. (For example, can I have the core switch at each location act as the default gateway for the same VLAN/subnet so that traffic doesn't traverse the connection just to find the route to another VLAN on the switch in the same office?)

FYI: Existing Configuration at our head office:

Cisco 4510r
- Acts as gateway for all current VLANs except DMZ - Server, Workstation, VOIP etc
- Trunked connection to a switch on each floor (Cisco 3560)
- Trunked connection to existing Firewall (Netscreen 50) which is our access to the internet
- All servers connected to GB ports

NetScreen 50
- Has one port connecting to the ISP Router to Internet
- Has one port connecting to 4510 trunk port (for all VLANs except DMZ)
- Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ VLAN's gateway

Cisco 3560
- All workstations and phones on each floor connected to these devices

Future Configuration at our head office:

Cisco 4510r
- Acts as gateway for all current VLANs except DMZ - Server, Workstation, VOIP etc
- Trunked connection to a switch on each floor (Cisco 3560)
- Trunked connection to existing Firewall (Netscreen 50) which should be this office's access to the internet
- Trunked connection to ISP Switch for Bridge service between buildings

NetScreen 50
- Has one port connecting to the ISP Router (ISP Managed Device) to Internet
- Has one port connecting to 4510 trunk port (for all VLANs except DMZ)
- Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ VLAN's gateway
- ISP Managed Device

Cisco 3560
- All workstations and phones on each floor connected to these devices

Future Configuration at the new remote server hosting facility:

Cisco 3750
- Trunked connection to Firewall (Netscreen ??) which is the remote location's access to the internet. This will also be the incoming connection for all SMTP traffic
- Trunked connection to the ISP managed switch for Bridged service between the buildings
- All servers connected to this device

NetScreen ??
- Has one port connecting to the ISP Router to Internet
- Has one port connecting to 4510 trunk port (for all VLANs except DMZ)
- Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ VLAN's gateway

Future Configuration for bridged services between sites:

While I don't have exact configuration information, the ISP has explained that they have configured a bridged "service" allowing us to extend all VLANs to the other location. The only other info that they have mentioned is that they are utilizing an ATM cloud.

I apologize if I have provided too much info for the questions. Again, any assistance would be appreciated.

calgden
