Solved

Connect Remote Sites

Posted on 2012-03-20
Last Modified: 2012-03-27
Good day all,
I have been tasked with configuring connectivity to two remote sites in two different states back to the data center in a third state.  I would like to use MPLS to link all three.  VOIP and data files will traverse all three sites.  I have a single domain with 2 DC at two sites and 1 DC at the third.  I will need to implement QoS and VLANing at all locations.  Backups and Replication will go from PIC to ATL.  Currently have a DS3 45Mb burstable to 100MB in place for backups offsite to 3rd party and Internet access for two locations.
The questions I would like to ask are:
    1) Which model Cisco routers and Firewalls are required and how many at each site?
    2) How to provide Internet access at each site without having to go through HQ? (Separate circuit for each location?)
    3) Best way to provide redundancy for failover purposes? (Another circuit?)

Thanks for your time.
HPIATL-2012.jpg
Question by:kthriffiley

Expert Comment

by:mat1458
ID: 37746013
1) Which model Cisco routers and Firewalls are required and how many at each site?
I'd go for a 2911 or 3925. But if you see your throughput increasing greatly over the next years you might also have a look at an ASR1000. As you have only one 3560 which already is a single point of failure you might as well have only one router. But for resiliency purposes you might as well have two per site. See http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf.
For the firewall I'd go for no less than one or two 5512-X. Again take your future growth into account.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-a


    2) How to provide Internet access at each site without having to go through HQ? (Separate circuit for each location?)
Add an internet link at each site. Inject a default route and use the routing protocol to make it look worse in the other sites than their own internet access (i.e. OSPF external type 1 route).

    3) Best way to provide redundancy for failover purposes? (Another circuit?)
You can use another circuit or have a GRE tunnel over the internet if that is sufficient for you.

Author Comment

by:kthriffiley
ID: 37749538
Thanks for the response.  I just found out today that my boss is getting quotes from AT&T for managed routers with one backbone MPLS and two circuit configuration, one for private, one for public Internet.
They will provide proposed diagrams and suggested equipment based upon their configurations.
Any other suggestions as to alternatives, configurations, etc. would still be appreciated.

Author Comment

by:kthriffiley
ID: 37758761
Once these sites are connected via a MPLS backbone, they will need to be VLANed to separate data and VOIP.  Using a Class A address, what scheme is suggested at each location and is it wise to name each vlan the same at each location, i.e. vlan 10 for data and vlan 20 for voice?
Currently Site a is 10.29.230.x/24, Site b is 10.29.233.x/24 and Site c is 10.29.234.x/24.  All sites will need to inter-communicate for file access and phones.  Current phones are Mitel 5400 at site a, 10.29.231.x/23, Mitel 5200 at site b, 10.29.231.x/23 and Mitel 3300 CXi, 10.29.235.x/24 at site c.
All will be connected to Cisco 3560-x switches.

Accepted Solution

by:
mat1458 earned 500 total points
ID: 37760140
It seems that you already have a scheme with your addresses and it mostly looks good. One thing to mention: the /23 for voice in site a and b is hopefully a typo and needs to be replaced with /24. Otherwise you get an IP address overlap with your data VLAN. Site a's and b's subnet seem to be the same, this would not work that way.

Whether the VLAN numbering is the same at all sites or uses different numbers is a matter of taste today. I personally prefer unique numbers, like unique IP subnets, so everything can be located easily. You can add a name to each VLAN that identifies its use, like VL0010_Data.

So in the end it could probably look like this:

Site A:         VL0230_Data 10.29.230.0/24      VL0231_Voice 10.29.231.0/24
Site B:         VL0232_Data 10.29.232.0/24      VL0233_Voice 10.29.233.0/24
Site C:         VL0234_Data 10.29.234.0/24      VL0235_Voice 10.29.235.0/24
Some /30 subnets for the links between the sites: 10.29.236.0

Author Comment

by:kthriffiley
ID: 37766280
Thanks mat1458 for the reply.
I am onboard with your assessment and suggested config.
Unfortunately, my second post with /23 is not a typo.  It is the way it was configured when I started working here...go figure.  Anyhow, they want it fixed the proper way and want to ensure that my thinking is on the right path.  I am the one pushing for a MPLS backbone with VLANs at each location.
If you can, please clarify your last statement about the /30 subnet for the links between sites.
Thanks again.

Expert Comment

by:mat1458
ID: 37769724
Your idea about separating voice and data is quite common best practice, so you're on the right track there.
With the /23 you probably do not run into issues since most routers use 'more specific' prefix routing when they decide which path to take. This makes the /24's win over the /23's. Just make sure that you don't have IP address overlaps. This can't be solved easily.

The /30 thing means the following: depending on how the MPLS provider transports your traffic there might be a necessity to address the links between the sites. And WAN links typically are addressed as point-to-point links. For this type of link the IP community uses /30 subnets which contain 4 addresses: 1st addr subnet number, 2nd addr p2p end left, 3rd addr p2p end right, 4th addr subnet broadcast.

But ask your service provider how the addressing in the WAN looks.
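
The addressing points from the accepted answer above and this comment (the /23 voice prefixes overlapping the data VLANs, more-specific prefixes winning in the routing table, and /30 point-to-point links) worked through in Python, as an added example that is not part of the thread. The plan dictionaries are constructed from the prefixes quoted in the thread, and 10.29.236.0/24 is assumed to be the block meant by "10.29.236.0".

```python
import ipaddress
from itertools import combinations, islice

# Constructed from the thread: addressing as it stands today, with the /23
# voice prefixes at sites a and b. strict=False makes ipaddress accept
# 10.29.231.0/23 and normalise it to the real network 10.29.230.0/23.
CURRENT_PLAN = {
    "site_a_data": "10.29.230.0/24", "site_a_voice": "10.29.231.0/23",
    "site_b_data": "10.29.233.0/24", "site_b_voice": "10.29.231.0/23",
    "site_c_data": "10.29.234.0/24", "site_c_voice": "10.29.235.0/24",
}
# The scheme from the accepted answer: one unique /24 per VLAN.
PROPOSED_PLAN = {
    "VL0230_Data": "10.29.230.0/24", "VL0231_Voice": "10.29.231.0/24",
    "VL0232_Data": "10.29.232.0/24", "VL0233_Voice": "10.29.233.0/24",
    "VL0234_Data": "10.29.234.0/24", "VL0235_Voice": "10.29.235.0/24",
}

def parse_plan(plan):
    """Map VLAN name -> IPv4Network, normalising non-aligned prefixes."""
    return {n: ipaddress.ip_network(c, strict=False) for n, c in plan.items()}

def find_overlaps(plan):
    """Every pair of VLANs whose subnets overlap; a clean plan returns []."""
    nets = parse_plan(plan)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def longest_prefix_match(plan, host):
    """Names of the most specific subnet(s) containing host.

    One name: the router picks it (the /24 beats the /23). Several names:
    identical prefixes, an overlap that prefix length cannot resolve.
    """
    addr = ipaddress.ip_address(host)
    nets = parse_plan(plan)
    hits = [n for n in nets if addr in nets[n]]
    best = max((nets[n].prefixlen for n in hits), default=None)
    return [n for n in hits if nets[n].prefixlen == best]

def p2p_links(block, count, prefixlen=30):
    """Carve `count` point-to-point subnets out of `block` and label the
    four roles named in the thread: subnet number, left end, right end,
    broadcast. prefixlen=29 gives the /29 variant mentioned later on."""
    links = []
    for net in islice(ipaddress.ip_network(block).subnets(new_prefix=prefixlen), count):
        first, second = list(net.hosts())[:2]
        links.append({"subnet": str(net.network_address), "left": str(first),
                      "right": str(second), "broadcast": str(net.broadcast_address)})
    return links
```

Running find_overlaps on CURRENT_PLAN reports the three clashing pairs caused by the shared /23, while PROPOSED_PLAN comes back clean.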

Author Comment

by:kthriffiley
ID: 37771254
Once again, thanks for your time and input.
I am attaching a final drawing for submission.
NetworkRevision2012.jpg

Expert Comment

by:mat1458
ID: 37771427
Looks pretty cool to me. Enjoy! /29 is perfect as well. And if questions arise just come back and ask.