Ideal router configuration for hosted datacenter

I'm seeking some architecture advise from a networking standpoint.

moving into a hosted datacenter with several managed services.

The flow as I understand it:

Blended carrier network
             |
Managed VPN (comes into play somewhere and sends clients to my router?)
            |
Managed Firewall where i would setup which public ips would have which ports/services forwarded
                  |
Managed Load Balancer for 1 Public IP to 4 VIPs (I have a 2 server cluster from a web standpoint that will leverage this service)
            |
My Rack in Datacenter via 2 ethernet connections in a active/passive mode for failover
                  |
      
      What do I need in my rack? Would I put in some type of Cisco Router which has the ability to take in 2 ethernet connections in a active/passive mode then have one connection into my switch to handle my internal IP network?
      
      If I am using this router would I setup NAT to each internal IP at this point to go to each of my Load Balanced servers?
      NATs for email and such for any other public facing servers?
      
            
            
I'm really looking for guidance on what type of device I need at the top of my rack to interface with my switches for the internal network. I'm not used to this managed service design. Let me know what other information you need about my config to help recommended router/design options.

My switches are Dell Powerconnect 6248s.

LVL 1
deeburpAsked:
Who is Participating?
 
rfc1180Connect With a Mentor Commented:
To start of, here are 2 network diagrams that are very basic and not complete; this is based on what you have stated so far, I highly recommend that you design your edge network with firewalls. This is typically the design in a colocated environment. You can use routers, but ensure that they have a firewall feature set (One that does stateful packet inspection). I would recommend getting a pair of ASA firewalls (model will be based on your requirement of users, bandwidth, sessions, etc). You can also get a pair of Juniper SRX/SSG series firewalls, again, the model will be based on your requirements. Again, as stated by mattvmotas, you can go with a set of routers, and again, the model is based on your requirements, also ensuring that the router has firewall features such as stateful packet inspection.

I can dive deeper in the designs, but based on what you have provided so far limits the design.

Billy
ASA-diagram.jpg
Router-Diagram.jpg
0
 
Matt VCommented:
I would put a router, since you already have a managed firewall and load balancer.  The switches can be direct to the router (more ports required) or trunked together and on or two of them into the router.
0
 
rfc1180Commented:
Is the managed VPN/Firewall/Load balancer in a separate hosted environment, or are the services going to be terminating in your rack?

Do you have a network diagram of the solution?

Billy
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
deeburpAuthor Commented:
I can draw the design. But essentially the VPN firewall and load are in a hosted environment. They hand off 2 connections to my rack that carry my public ips.

What brand/model router would I want for this?
0
 
rfc1180Commented:
will your colocation be cross connected to your hosted environment; Or does your colocation have separate bandwidth aside from the hosted environment?

Billy
0
 
deeburpAuthor Commented:
The Asa config diagram was exactly what I needed. I went with cisco. 5510s in an active/standby config. Thanks much
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.