Solved

Ideal router configuration for hosted datacenter

Posted on 2010-08-13
Last Modified: 2012-08-13
I'm seeking some architecture advice from a networking standpoint.

I'm moving into a hosted datacenter with several managed services.

The flow as I understand it:

Blended carrier network
|
Managed VPN (comes into play somewhere and sends clients to my router?)
|
Managed Firewall where I would set up which public IPs would have which ports/services forwarded
|
Managed Load Balancer for 1 Public IP to 4 VIPs (I have a 2 server cluster from a web standpoint that will leverage this service)
|
My Rack in Datacenter via 2 Ethernet connections in an active/passive mode for failover
|

What do I need in my rack? Would I put in some type of Cisco router which has the ability to take in 2 Ethernet connections in an active/passive mode, then have one connection into my switch to handle my internal IP network?

If I am using this router, would I set up NAT to each internal IP at this point to go to each of my load balanced servers?
NATs for email and such for any other public facing servers?

I'm really looking for guidance on what type of device I need at the top of my rack to interface with my switches for the internal network. I'm not used to this managed service design. Let me know what other information you need about my config to help recommend router/design options.

My switches are Dell PowerConnect 6248s.

Question by:deeburp
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33433298
I would put a router, since you already have a managed firewall and load balancer. The switches can be direct to the router (more ports required) or trunked together and one or two of them into the router.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33433304
Is the managed VPN/Firewall/Load balancer in a separate hosted environment, or are the services going to be terminating in your rack?

Do you have a network diagram of the solution?

Billy
0
 
LVL 1

Author Comment

by:deeburp
ID: 33434184
I can draw the design. But essentially the VPN, firewall and load are in a hosted environment. They hand off 2 connections to my rack that carry my public IPs.

What brand/model router would I want for this?
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33434274
Will your colocation be cross-connected to your hosted environment, or does your colocation have separate bandwidth aside from the hosted environment?

Billy
0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33434403
To start off, here are 2 network diagrams that are very basic and not complete; this is based on what you have stated so far. I highly recommend that you design your edge network with firewalls. This is typically the design in a colocated environment. You can use routers, but ensure that they have a firewall feature set (one that does stateful packet inspection). I would recommend getting a pair of ASA firewalls (model will be based on your requirement of users, bandwidth, sessions, etc). You can also get a pair of Juniper SRX/SSG series firewalls; again, the model will be based on your requirements. Again, as stated by mattvmotas, you can go with a set of routers, and again, the model is based on your requirements, also ensuring that the router has firewall features such as stateful packet inspection.

I can dive deeper in the designs, but what you have provided so far limits the design.

Billy
ASA-diagram.jpg
Router-Diagram.jpg
0
 
LVL 1

Author Closing Comment

by:deeburp
ID: 33487091
The ASA config diagram was exactly what I needed. I went with Cisco 5510s in an active/standby config. Thanks much.
0
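
Added example, not part of the thread and not taken from the attached diagrams: a minimal sketch of the ASA active/standby pair the thread settles on, with stateful failover so tracked connections survive a switchover. It assumes both provider handoffs sit on the same outside subnet (one per ASA); every address, the interface layout, the `FOLINK` name and the key are constructed placeholders.

```cisco
! Constructed example: addresses use RFC 5737 / RFC 1918 ranges and are
! placeholders, not values from this thread.
! On the ASA 5510, failover requires the Security Plus license.

! --- Primary unit ---
interface Ethernet0/0
 description Provider handoff 1 (assumed: same subnet as handoff 2)
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248 standby 203.0.113.3
 no shutdown
!
interface Ethernet0/1
 description Uplink to the rack switches
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
 no shutdown
!
interface Ethernet0/3
 description Dedicated failover and state link to the peer ASA
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK Ethernet0/3
! Reusing the same interface as the state link enables stateful failover
failover link FOLINK Ethernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
! Shared secret protecting failover traffic; must match on both units
failover key <shared-secret>
monitor-interface outside
monitor-interface inside
failover

! --- Secondary unit (bootstrap only; the rest replicates from the primary) ---
interface Ethernet0/3
 no shutdown
!
failover lan unit secondary
failover lan interface FOLINK Ethernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover key <shared-secret>
failover
```

`show failover` on either unit reports which one is active and whether the state link is up.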
