Demarc move impact & method


After a long drawn out battle with their ISP, a client is moving to another provider.

The new provider has just established it's presence in their building, but on the other side. So, the existing demarc location, from where this client gets it's feed, is a wash.

The client has an office near the new demarc which has a fiber running back to the core. I would like to know if the experts here could help me naviagate this minefield. It's a Cisco shop.

The existing demarc allows the client to
- have it's internet feed right in it's server room
- plug the ethernet handoff right into their core switch

The new demarc would allow them to
- have the internet feed in it's other office with a 2900 switch which has fiber back to the core switch

Do I:
- get a second fiber run to the core and keep the external traffic separate from their internal?
- plug their ethernet handoff into the 2900 switch and use the existing fiber to transport that external VLAN back to the core?
- do something else?

Explanations as to why I should choose one option over the other would be appreciated.

LVL 21
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

arnoldConnect With a Mentor Commented:
IMHO, you will eventually have to extend the DEMARC into the server room to maintain the most flexibility dealing with bringing additional lines in.  The impact while you are in a transition period is limited versus when you are in full production where downtime is inevitable.

Extending the demarc deals with having a CAT 3 cable with patch pannel on each end connected. (Make sure whoever runs the CAT3 extensions properly marks up the Patch pannels on each side i.e. 1 on patch panel in the server room matches up with 1 on the patch panel in the new location where the dmarc was dropped, office space).    It does not disrupt the circuit in any way until it is connected and then you would have the carrier come out and reconnect the circuit from the current drop onto the DMARC extension Cat 3 patch pannel, and then have them connect it into an existing smartJack where they would only need to add the T1 CARD, or they would need to place a new SmartJack Box in the server room.
At this point you will be able to take the RJ48 T1 from the smart jack into your Core router's Serial port which you can pre-configure.  etc.

The disruption will be the duration of the reconnecting of the lines to the patch pannel and then from the server room patch panel to the smartjack and the smartjack to router connection.

once this is done, any additional circuits you bring in via this dmarc can use the DMARC extension and get to the server room.
netcmhAuthor Commented:
Your option is to use a CAT 3 to extend the new DMARC TO The Same location where the old one WAS (server room) or eventually move the router from the server room to where the new DMARC after running the correct cable from the new dmarc where the router will be to the server room and the switch into which the router is now plugged in.

Missing existing network topology so it is hard to say.
The short of it is that your router needs to be where the DMARC is.
Everything else has to be done with either you run a fiber from the new location and where the router will end up back to the server, or you extend the dmarc from its new location to the server room.

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Without a network diagram & copies of the switch config, it's hard to say, but I'd assume you'll need to route this new connection back to your current network core switch/router because the 2900 is not serving as the root/gateway on your network.
netcmhAuthor Commented:
@arnold: CAT3? I can't extend the demarc. The provider will tack on an enormous fee for that service.

@eeRoot: Makes sense. But humor me on this: The 2900 already has a fiber running to it from the core. Do I need a separate switch for the new ethernet hand-off and a new fiber run to the core from this new switch? Or, can I just plug the ethernet hand-off into a port configured as the outside vlan in the existing switch and use the existing fiber as a trunk back to the core?

Thank you both.
Do you have a network person who can do the cable RUN/test/certification with the provider will come out and just use the run to connect the four wires from the current drop to the server room?

Either way you will have an added expense.
1) you maintain the setup as it is and have an extension of the second DMARC to the server room.
2) you have to get your router to the location where the new DMARC is and then have a run back to the server room if you use VLANs If not, than the router can feed the 2900 that will then feed the core switch.

In short.  A cable/fiber run will likely have to be made from the location of the new DMARC to the server room.

You might as well extend the DMARC to where you need it rather than wait perform effectively the same task and then sometime down the line, go through this process anyway.

Without network topology it is hard to say what you have to do.
The 2900 can not terminate the Drop from the provider (T1's, DS, etc.)
Assuming there are ports running the correct config and speed available, then the 2900 *could* serve as a pass through for passing traffic to the core.  But the netowrk topology and configs would have to be reviewed to determine what changes need to be made to the two devices.
eeRoot, it is not clear to me which connection type is being dropped at the dmarc.
Just for my own sanity, the user has a 2900 switch in close proximate to the new dmarc.
Not sure how the 2900 switch could function as a pass through.

Hopefully, the asker will post the network topology that will make things clearer.
netcmhAuthor Commented:
Not to be *that* guy, but I can't post the topology, just yet - have not been able to finish sanitizing it.

So, the provider has indicated that they will be handing me a CAT6 cable to do with as I see fit. My initial plan was to simply extend this ethernet to the 2900 switch, plug it into a port, configure that port with the EXTERNAL VLAN, have it become accessible from the core on the fiber connecting the core to this 2900, and provide them with internet access.

I have found a transciever while rummaging through their used/spare inventory. So, that could be another option. I could plug the ethernet handoff into the transciever, have it converted to fiber, check to see if the existing fiber has leftover channels/or put in a new fiber and use those to connect back to the core, and provide them with internet access.

I'm unsure if they'll be providing a router to terminate their ethernet handoff. I've asked the question and am waiting for their response. If they do, then I could use their router instead of our switch/transciever.

@eeRoot: The 2900 has ports available. What speed availability would you want me to check and report back? I could quickly get the route statements for the core and the switch, if that's the config you're looking for.

@arnold: It's an ethernet handoff. The switch is in the client's other office, which is about 50 feet from the structure's telco/demarc room. What would prevent a 2900 to function as I envision it?

Thank you both for the valuable input you've been imparting.
Wat type of circuit is being deployed? T, Frame, FIOS, DSL, etc.? There has to be a terminating device at the location at which you could use the 2900 switch to pass through the Ethernet/IP traffic backup to the router in the server room.

If there is no equipment from the vendor, not. Sure whether the 2900 switch can terminate the dropped circuit.
netcmhAuthor Commented:
Whatever they're deploying terminates into their router and I get an ethernet connection.
IMHO, it is best to bite down and address the issue now rather than run into an issue later on.
Do you have sufficient backup equipment at the new dmarc location?
If you ever decide to add additional Feeds, is the 2900 switch in close proximate what you want?

You could leave this one as is, but get a DMARC extension for future drops.
corowerConnect With a Mentor Commented:
erm.. guys, i guess, your'e digging a bit deeper, than is needed.

essentially, what we know (definately) - i'll draw an ascii picture.
new prov                            old prov
\\					//
 ??                                    //
[ C 2900 ]  --------(fo)--------  [ core ]

Open in new window

from my POV - throwing a vlan through existing infrastructure is perfectly OK. vlan gives enough separation for your internal and external traffic. what must be taken into consideration is existing load on existing internal link, and expansion capabilities there. like if you use that fiber link (btw, is it 10G, 1G or 100M?) heavily, and want to add to that like another 1G (internetz) - it might not be the best idea to continue without upgrading that link. then if you plan to use another fiber link - create an etherchannel, and have gain in both speed and redundacy. what you loose is only sharp boundary between core and edge.
netcmhAuthor Commented:
My concern with allowing that traffic through existing infrastructure is the possibility of vlan hopping.
To be clear, usually extending a DEMARC is done using a 25 pair cat 3 cable with plenum connections on each end.
With a patch 66 block on each end.
netcmh - are those two switches (core/edge) your or this is leased/shared infrastructure ? if they're yours, basic security (like no vlans on non-memberports, and so on) gives you a complete isolation. even Wiki article on vlan hopping gives cisco config examples, that completely address this issue.
netcmhAuthor Commented:
@corower: could you give me that link?

@arnold: thank you for that detailed explanation.
All Courses

From novice to tech pro — start learning today.