Solved

Connect Remote Sites

Posted on 2012-03-20
460 Views
Last Modified: 2012-03-27
Good day all,
I have been tasked with configuring connectivity to two remote sites in two different states back to the data center in a third state.  I would like to use MPLS to link all three.  VOIP and data files will traverse all three sites.  I have a single domain with 2 DC at two sites and 1 DC at the third.  I will need to implement QoS and VLANing at all locations.  Backups and Replication will go from PIC to ATL.  Currently have a DS3 45Mb burstable to 100MB in place for backups offsite to 3rd party and Internet access for two locations.
The questions I would like to ask are:
    1) Which model Cisco routers and Firewalls are required and how many at each site?
    2) How to provide Internet access at each site without having to go through HQ? (Separate circuit for each location?)
    3) Best way to provide redundancy for failover purposes? (Another circuit?)

Thanks for your time.
HPIATL-2012.jpg
0
Question by:kthriffiley
8 Comments
 
LVL 10

Expert Comment

by:mat1458
ID: 37746013
1) Which model Cisco routers and Firewalls are required and how many at each site?
I'd go for a 2911 or 3925. But if you expect your throughput to increase greatly over the next years you might also have a look at an ASR1000. As you have only one 3560, which already is a single point of failure, you might as well have only one router. But for resiliency purposes you might as well have two per site. See http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf.
For the firewall I'd go for no less than one or two 5512-X. Again, take your future growth into account.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-a


    2) How to provide Internet access at each site without having to go through HQ? (Separate circuit for each location?)
Add an internet link at each site. Inject a default route and use the routing protocol to make it look worse in the other sites than their own internet access (i.e. OSPF external type 1 route).

    3) Best way to provide redundancy for failover purposes? (Another circuit?)
You can use another circuit or have a GRE tunnel over the internet if that is sufficient for you.
0
 

Author Comment

by:kthriffiley
ID: 37749538
Thanks for the response.  I just found out today that my boss is getting quotes from AT&T for managed routers with one MPLS backbone and a two-circuit configuration, one for private, one for public Internet.
They will provide proposed diagrams and suggested equipment based upon their configurations.
Any other suggestions as to alternatives, configurations, etc. would still be appreciated.
0
 

Author Comment

by:kthriffiley
ID: 37758761
Once these sites are connected via an MPLS backbone, they will need to be VLANed to separate data and VOIP.  Using a Class A address, what scheme is suggested at each location, and is it wise to name each VLAN the same at each location, i.e. VLAN 10 for data and VLAN 20 for voice?
Currently Site a is 10.29.230.x/24, Site b is 10.29.233.x/24 and Site c is 10.29.234.x/24.  All sites will need to inter-communicate for file access and phones.  Current phones are Mitel 5400 at site a, 10.29.231.x/23, Mitel 5200 at site b, 10.29.231.x/23 and Mitel 3300 CXi, 10.29.235.x/24 at site c.
All will be connected to Cisco 3560-x switches.
0
 
LVL 10

Accepted Solution

by: mat1458 (earned 500 total points)
ID: 37760140
It seems that you already have a scheme for your addresses and it mostly looks good. One thing to mention: the /23 for voice in sites a and b is hopefully a typo and needs to be replaced with /24. Otherwise you get an IP address overlap with your data VLAN. Site a's and b's subnets also seem to be the same; that would not work either.

Whether the VLAN numbering is the same at all sites or uses different numbers is a matter of taste today. I personally prefer unique numbers, like unique IP subnets, so everything can be located easily. You can add a name to each VLAN that identifies its use, like VL0010_Data.

So in the end it could probably look like this:

Site A:         VL0230_Data 10.29.230.0/24      VL0231_Voice 10.29.231.0/24
Site B:         VL0232_Data 10.29.232.0/24      VL0233_Voice 10.29.233.0/24
Site C:         VL0234_Data 10.29.234.0/24      VL0235_Voice 10.29.235.0/24
some /30 Subnets for the links between the sites: 10.29.236.0
0
 

Author Comment

by:kthriffiley
ID: 37766280
Thanks mat1458 for the reply.
I am onboard with your assessment and suggested config.
Unfortunately, my second post with /23 is not a typo.  It is the way it was configured when I started working here...go figure.  Anyhow, they want it fixed the proper way and want to ensure that my thinking is on the right path.  I am the one pushing for a MPLS backbone with VLANs at each location.
If you can, please clarify your last statement about the /30 subnet for the links between sites.
Thanks again.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 37769724
Your idea about separating voice and data is quite a common best practice, so you're on the right track there.
With the /23 you probably do not run into issues since most routers use 'more specific' prefix routing when they decide which path to take. This makes the /24's win over the /23's. Just make sure that you don't have IP address overlaps. This can't be solved easily.

The /30 thing means the following: depending on how the MPLS provider transports your traffic there might be a necessity to address the links between the sites. And WAN links typically are addressed as point-to-point links. For this type of link the IP community uses /30 subnets which contain 4 addresses: 1st addr subnet number, 2nd addr p2p end left, 3rd addr p2p end right, 4th addr subnet broadcast.

But ask your service provider how the addressing in the WAN looks.
0
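The two points in the answers above (the /23 voice prefixes colliding with the data VLANs, and the /30 point-to-point link addressing) can both be checked mechanically before anything is typed into a switch. The following Python script is an added example, not code from the thread or from any of the participants: it takes the addressing as posted and the /24-per-VLAN plan from the accepted answer, reports every overlapping pair, and carves /30 links out of a link block. The link block 10.29.236.0/24 is an assumption (the thread only says 10.29.236.0); the site and VLAN names are constructed from the thread.

```python
import ipaddress
from itertools import combinations

# Addressing as posted in the thread (site a/b voice given as "10.29.231.x/23").
CURRENT_PLAN = {
    "SiteA_Data":  "10.29.230.0/24",
    "SiteA_Voice": "10.29.231.0/23",
    "SiteB_Data":  "10.29.233.0/24",
    "SiteB_Voice": "10.29.231.0/23",
    "SiteC_Data":  "10.29.234.0/24",
    "SiteC_Voice": "10.29.235.0/24",
}

# The /24-per-VLAN plan from the accepted answer.
PROPOSED_PLAN = {
    "VL0230_Data":  "10.29.230.0/24",
    "VL0231_Voice": "10.29.231.0/24",
    "VL0232_Data":  "10.29.232.0/24",
    "VL0233_Voice": "10.29.233.0/24",
    "VL0234_Data":  "10.29.234.0/24",
    "VL0235_Voice": "10.29.235.0/24",
}

# Assumed block for inter-site links; the thread only names 10.29.236.0.
LINK_BLOCK = "10.29.236.0/24"


def normalize(prefix):
    """Return the real network for a prefix that may have host bits set.
    strict=False is what turns '10.29.231.0/23' into 10.29.230.0/23, which is
    exactly why the posted /23 collides with the 10.29.230.0/24 data VLAN."""
    return ipaddress.ip_network(prefix, strict=False)


def find_overlaps(plan):
    """Return a sorted list of (name_a, name_b) pairs whose subnets overlap."""
    nets = {name: normalize(p) for name, p in plan.items()}
    ordered = sorted(nets.items(), key=lambda kv: kv[0])
    return [(a, b) for (a, na), (b, nb) in combinations(ordered, 2)
            if na.overlaps(nb)]


def carve_links(block, count, new_prefix=30):
    """Take the first `count` subnets of size /new_prefix out of `block`
    for site-to-site links (/30 per the thread; /29 works the same way)."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    return [str(s) for _, s in zip(range(count), subnets)]


def p2p_roles(link):
    """Map the four addresses of a /30 to the roles the answer describes."""
    net = ipaddress.ip_network(link)
    hosts = list(net.hosts())  # excludes network and broadcast for a /30
    return {
        "network": str(net.network_address),
        "left": str(hosts[0]),
        "right": str(hosts[1]),
        "broadcast": str(net.broadcast_address),
    }


if __name__ == "__main__":
    for label, plan in (("current", CURRENT_PLAN), ("proposed", PROPOSED_PLAN)):
        hits = find_overlaps(plan)
        print(f"{label}: {len(hits)} overlapping pair(s)")
        for a, b in hits:
            print(f"  {a} {normalize(plan[a])} overlaps {b} {normalize(plan[b])}")
    # Three sites need at most three point-to-point links for a full mesh.
    for link in carve_links(LINK_BLOCK, 3):
        print(link, p2p_roles(link))
```

Running it shows three overlapping pairs in the posted plan (both /23s cover 10.29.230.0/23, so they hit site a's data VLAN and each other) and none in the proposed plan, then hands out 10.29.236.0/30, 10.29.236.4/30 and 10.29.236.8/30 with .1/.2 as the two link ends. Whatever the provider's WAN addressing turns out to be, the overlap check is worth keeping in the change process, because an overlap is the one mistake here that routing cannot paper over.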
 

Author Comment

by:kthriffiley
ID: 37771254
Once again, thanks for your time and input.
I am attaching a final drawing for submission.
NetworkRevision2012.jpg
0
 
LVL 10

Expert Comment

by:mat1458
ID: 37771427
Looks pretty cool to me. Enjoy! /29 is perfect as well. And if questions arise just come back and ask.
0