macwalker1

Consolidating subnets over MetroE links

We have a network of 4 sites connected via MetroE.  The two main locations are connected at 45 Mb and the other 2 are connected at 10 Mb and 20 Mb.  When we set up this network, the engineer that we hired established 2 VLANs for each site, one for phones and one for the rest of the devices.  At the main locations he also added one more at each where the firewalls connect. 10 in all.

My question is this: can I consolidate the networks so that we have a single subnet for PCs, servers, and firewalls?

The MetroE provides an L2 connection between the sites, so it seems to me that routing is not necessary from a standpoint of directing traffic.  It may serve to reduce traffic across the slow links, but is the overhead really enough to require the complexity?  We use the MetroE primarily in bursts of traffic, like when the SAN syncs between the main sites (Sites A and D below) or for occasional CIFS file copies.

My hope is that with a consolidated IP range, failover between servers and internet connections would be simplified.  I am obviously not a network engineer, so it would be hard for me to describe the situation exactly, but as it stands users on one side of our network can't use the internet connection on the other side because of the routing.  Another convenience would be that moving a VM from one site to another would not require a big effort in changing IPs.  Our accounting program requires that the client be hard-coded with the server IP, so moving it to a new subnet is a pain at best.

Here are some notes on the different nodes:
Site A
      45Mb MetroE
      SAN w/6 iSCSI ports
      45 PCs, 12 servers, 35 IP phones

Site B
      10Mb MetroE
      10Mb Ethernet Internet Service (serving sites A,B,C)
      PRI for IP phone system (Phone traffic is routed to PRI based on outbound destination)
      2 servers

Site C
      20Mb MetroE
      5 PCs, 1 server, 3 IP phones

Site D
      45Mb MetroE
      10Mb Ethernet Internet Service (serving site D)
      PRI for IP phone system (Phone traffic is routed to PRI based on outbound destination)
      SAN w/6 iSCSI ports
      35 PCs, 7 servers, 30 IP phones

All switches are Cisco Catalysts and from what I can tell utilization is pretty low, below 10%.  I had thought about moving iSCSI traffic to its own VLAN(s) at each site too for security and to reduce traffic.

My vision is:
      All switches connected L2 over MetroE.
      VLAN 100 - PCs and Servers
      VLAN 200 - iSCSI at Site A
      VLAN 300 - iSCSI at Site D
      VLAN 400 - Phone system (may need to be broken down per site?)
      VLAN 500 - DMZ

Thank you in advance for any light you can shed.

Vito_Corleone

If the MetroE circuit is L2 like you said, then yes, it's possible. I'm not sure I would want all the traffic on a single VLAN though. A four-site WAN shouldn't be too bad. You can bring in a consultant for a small redesign and likely make it all work without issue.
Ah, missed the part at the bottom. If you want multiple VLANs at each site you will need to make sure your ISP will allow you to trunk across the WAN.

Personally I think this is more complex than having a router at each site. You will also have broadcasts and other traffic traversing the WAN links, which isn't ideal.
Yes, you can put all the PCs, servers, etc. in one VLAN and L2 switch it vs. routing it. It would be a single subnet with that many devices, which is one reason for using routing.
I wouldn't do it just to fix a routing problem you may have getting to the internet though.
macwalker1 (ASKER)

If I were to keep it routed, is there some way to have traffic destined for the accounting server on one subnet forwarded to another?  As I said before, the accounting client points to a static IP and is not easily modified.  If this accounting server is in a VM and I want to bring it up at our secondary site, which is on a different subnet, is there a way to have traffic from all subnets to this specific IP be routed to this IP?

Thanks for both of your quick responses.  I had not expected to get a reply so quickly.
It sounds like you could use NAT to accomplish what you want. I would need some more details though.