bluespringsit asked:
Alternative to Policy Based Routing

I'm looking for a design alternative to the way I currently have my network designed. We have two data centers, in two different buildings, connected via fiber. Each data center has a layer 3 switch, firewall, and internet connection. Our first data center has a T1, with whom we host our DNS zone file, MX record, etc. At the second data center, we have a Comcast business class cable connection. We run EIGRP on the network. The default route sends all internet traffic out the Comcast cable connection at the second data center. I've set up a Policy Based Route on the 3750 layer 3 switch at the first data center. This policy looks for traffic sourced from an IIS server and an Exchange server, and sets the next hop to the inside interface of the firewall at the first data center. The reason for this is to return traffic out to the internet using the same route the request came in on, because these two servers are hosting OWA and a web site.

The PBR on the 3750 is applied to the VLAN interface that my servers are behind. This PBR is killing my switch. I've been up and down the issue with consultants and Cisco TAC. There is essentially no answer. Because of the performance hit the CPU is taking, the ping times to all servers in that VLAN are terrible, sometimes jumping above 25ms.

I'm trying to figure out what my best option is to remedy this problem. Here are the options I'm thinking about:

- Inserting a router in front of the 3750 to handle the routing
- Possibly moving the servers that host services on the T1 to a separate VLAN. If so, am I still required to use PBR to get around the default route on the network?
- Can I set the next hop for all servers behind the affected VLAN interface to use the T1, without using PBR?
- Install a new layer 3 switch dedicated to only the servers
- Could a reverse proxy server in the DMZ solve the issue?
[Attached image: New.jpg]
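The policy route the question describes, written out as an added configuration example (it is not from the question or from the accepted answer) so the intent of the PBR is visible: replies from the two published servers must leave through the same stateful firewall the request entered, or the other data center's firewall drops them as out-of-state. The VLAN numbers, addresses and object names are placeholders I assumed; the ACL denies for internal destinations keep east-west traffic on the normal EIGRP path, and the SDM template check is the first thing to verify when a 3750 punts policy-routed traffic to its CPU.

```cisco
! Added example, not from the thread. Placeholders:
!   Vlan10  = server VLAN, 10.1.10.0/24, SVI 10.1.10.1
!   10.1.10.21 = IIS web server, 10.1.10.22 = Exchange/OWA server
!   Vlan250 = transit VLAN to the first data center's ASA,
!             switch 10.1.250.1, ASA inside interface 10.1.250.2
!
! The 3750 only policy-routes in hardware under the routing SDM
! template. Check with "show sdm prefer"; changing it needs a reload.
sdm prefer routing

! Match only the two publicly reachable servers, and only for traffic
! that is not destined to internal networks (denied entries are routed
! normally). Keep ACEs to plain host/subnet matches; "log" keywords are
! not handled in hardware on this platform.
ip access-list extended PBR-T1-SERVERS
 deny   ip host 10.1.10.21 10.0.0.0 0.255.255.255
 deny   ip host 10.1.10.22 10.0.0.0 0.255.255.255
 permit ip host 10.1.10.21 any
 permit ip host 10.1.10.22 any

! Send matching packets to the local ASA so the return path matches
! the inbound path; everything else falls through to the EIGRP default
! route toward the Comcast connection at the second data center.
route-map PBR-T1 permit 10
 match ip address PBR-T1-SERVERS
 set ip next-hop 10.1.250.2

interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip policy route-map PBR-T1

! Verification after applying:
!   show sdm prefer          -> must report the routing template
!   show route-map PBR-T1    -> policy-routed packet counters increase
```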
Accepted solution by mikebernhardt:
> and one into the VLAN to the ASA.

If you have a Layer 3 interface between the 3750 and the ASA right now, you will have to change this to a VLAN on the switch and possibly change the mask so that the router can be put in there too.