Solved

Ideal router configuration for hosted datacenter

Posted on 2010-08-13
6
632 Views
Last Modified: 2012-08-13
I'm seeking some architecture advise from a networking standpoint.

moving into a hosted datacenter with several managed services.

The flow as I understand it:

Blended carrier network
             |
Managed VPN (comes into play somewhere and sends clients to my router?)
            |
Managed Firewall where i would setup which public ips would have which ports/services forwarded
                  |
Managed Load Balancer for 1 Public IP to 4 VIPs (I have a 2 server cluster from a web standpoint that will leverage this service)
            |
My Rack in Datacenter via 2 ethernet connections in a active/passive mode for failover
                  |
      
      What do I need in my rack? Would I put in some type of Cisco Router which has the ability to take in 2 ethernet connections in a active/passive mode then have one connection into my switch to handle my internal IP network?
      
      If I am using this router would I setup NAT to each internal IP at this point to go to each of my Load Balanced servers?
      NATs for email and such for any other public facing servers?
      
            
            
I'm really looking for guidance on what type of device I need at the top of my rack to interface with my switches for the internal network. I'm not used to this managed service design. Let me know what other information you need about my config to help recommended router/design options.

My switches are Dell Powerconnect 6248s.

0
Comment
Question by:deeburp
  • 3
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33433298
I would put a router, since you already have a managed firewall and load balancer.  The switches can be direct to the router (more ports required) or trunked together and on or two of them into the router.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33433304
Is the managed VPN/Firewall/Load balancer in a separate hosted environment, or are the services going to be terminating in your rack?

Do you have a network diagram of the solution?

Billy
0
 
LVL 1

Author Comment

by:deeburp
ID: 33434184
I can draw the design. But essentially the VPN firewall and load are in a hosted environment. They hand off 2 connections to my rack that carry my public ips.

What brand/model router would I want for this?
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 24

Expert Comment

by:rfc1180
ID: 33434274
will your colocation be cross connected to your hosted environment; Or does your colocation have separate bandwidth aside from the hosted environment?

Billy
0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33434403
To start of, here are 2 network diagrams that are very basic and not complete; this is based on what you have stated so far, I highly recommend that you design your edge network with firewalls. This is typically the design in a colocated environment. You can use routers, but ensure that they have a firewall feature set (One that does stateful packet inspection). I would recommend getting a pair of ASA firewalls (model will be based on your requirement of users, bandwidth, sessions, etc). You can also get a pair of Juniper SRX/SSG series firewalls, again, the model will be based on your requirements. Again, as stated by mattvmotas, you can go with a set of routers, and again, the model is based on your requirements, also ensuring that the router has firewall features such as stateful packet inspection.

I can dive deeper in the designs, but based on what you have provided so far limits the design.

Billy
ASA-diagram.jpg
Router-Diagram.jpg
0
 
LVL 1

Author Closing Comment

by:deeburp
ID: 33487091
The Asa config diagram was exactly what I needed. I went with cisco. 5510s in an active/standby config. Thanks much
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question