Solved

Demarc move impact & method

Posted on 2013-05-16
19
322 Views
Last Modified: 2013-06-14
Hello,

After a long drawn out battle with their ISP, a client is moving to another provider.

The new provider has just established it's presence in their building, but on the other side. So, the existing demarc location, from where this client gets it's feed, is a wash.

The client has an office near the new demarc which has a fiber running back to the core. I would like to know if the experts here could help me naviagate this minefield. It's a Cisco shop.

The existing demarc allows the client to
- have it's internet feed right in it's server room
- plug the ethernet handoff right into their core switch

The new demarc would allow them to
- have the internet feed in it's other office with a 2900 switch which has fiber back to the core switch

Do I:
- get a second fiber run to the core and keep the external traffic separate from their internal?
- plug their ethernet handoff into the 2900 switch and use the existing fiber to transport that external VLAN back to the core?
- do something else?

Explanations as to why I should choose one option over the other would be appreciated.

Thanks
0
Comment
Question by:netcmh
  • 7
  • 6
  • 3
  • +1
19 Comments
 
LVL 20

Author Comment

by:netcmh
Comment Utility
Anyone?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Your option is to use a CAT 3 to extend the new DMARC TO The Same location where the old one WAS (server room) or eventually move the router from the server room to where the new DMARC after running the correct cable from the new dmarc where the router will be to the server room and the switch into which the router is now plugged in.

Missing existing network topology so it is hard to say.
The short of it is that your router needs to be where the DMARC is.
Everything else has to be done with either you run a fiber from the new location and where the router will end up back to the server, or you extend the dmarc from its new location to the server room.

(repeatitive/circular)
0
 
LVL 21

Expert Comment

by:eeRoot
Comment Utility
Without a network diagram & copies of the switch config, it's hard to say, but I'd assume you'll need to route this new connection back to your current network core switch/router because the 2900 is not serving as the root/gateway on your network.
0
 
LVL 20

Author Comment

by:netcmh
Comment Utility
@arnold: CAT3? I can't extend the demarc. The provider will tack on an enormous fee for that service.

@eeRoot: Makes sense. But humor me on this: The 2900 already has a fiber running to it from the core. Do I need a separate switch for the new ethernet hand-off and a new fiber run to the core from this new switch? Or, can I just plug the ethernet hand-off into a port configured as the outside vlan in the existing switch and use the existing fiber as a trunk back to the core?

Thank you both.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Do you have a network person who can do the cable RUN/test/certification with the provider will come out and just use the run to connect the four wires from the current drop to the server room?

Either way you will have an added expense.
1) you maintain the setup as it is and have an extension of the second DMARC to the server room.
2) you have to get your router to the location where the new DMARC is and then have a run back to the server room if you use VLANs If not, than the router can feed the 2900 that will then feed the core switch.

In short.  A cable/fiber run will likely have to be made from the location of the new DMARC to the server room.

You might as well extend the DMARC to where you need it rather than wait perform effectively the same task and then sometime down the line, go through this process anyway.

Without network topology it is hard to say what you have to do.
The 2900 can not terminate the Drop from the provider (T1's, DS, etc.)
0
 
LVL 21

Expert Comment

by:eeRoot
Comment Utility
Assuming there are ports running the correct config and speed available, then the 2900 *could* serve as a pass through for passing traffic to the core.  But the netowrk topology and configs would have to be reviewed to determine what changes need to be made to the two devices.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
eeRoot, it is not clear to me which connection type is being dropped at the dmarc.
Just for my own sanity, the user has a 2900 switch in close proximate to the new dmarc.
Not sure how the 2900 switch could function as a pass through.

Hopefully, the asker will post the network topology that will make things clearer.
0
 
LVL 20

Author Comment

by:netcmh
Comment Utility
Not to be *that* guy, but I can't post the topology, just yet - have not been able to finish sanitizing it.

So, the provider has indicated that they will be handing me a CAT6 cable to do with as I see fit. My initial plan was to simply extend this ethernet to the 2900 switch, plug it into a port, configure that port with the EXTERNAL VLAN, have it become accessible from the core on the fiber connecting the core to this 2900, and provide them with internet access.

I have found a transciever while rummaging through their used/spare inventory. So, that could be another option. I could plug the ethernet handoff into the transciever, have it converted to fiber, check to see if the existing fiber has leftover channels/or put in a new fiber and use those to connect back to the core, and provide them with internet access.

I'm unsure if they'll be providing a router to terminate their ethernet handoff. I've asked the question and am waiting for their response. If they do, then I could use their router instead of our switch/transciever.

@eeRoot: The 2900 has ports available. What speed availability would you want me to check and report back? I could quickly get the route statements for the core and the switch, if that's the config you're looking for.

@arnold: It's an ethernet handoff. The switch is in the client's other office, which is about 50 feet from the structure's telco/demarc room. What would prevent a 2900 to function as I envision it?

Thank you both for the valuable input you've been imparting.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Wat type of circuit is being deployed? T, Frame, FIOS, DSL, etc.? There has to be a terminating device at the location at which you could use the 2900 switch to pass through the Ethernet/IP traffic backup to the router in the server room.

If there is no equipment from the vendor, not. Sure whether the 2900 switch can terminate the dropped circuit.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 20

Author Comment

by:netcmh
Comment Utility
Whatever they're deploying terminates into their router and I get an ethernet connection.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
IMHO, it is best to bite down and address the issue now rather than run into an issue later on.
Do you have sufficient backup equipment at the new dmarc location?
If you ever decide to add additional Feeds, is the 2900 switch in close proximate what you want?

You could leave this one as is, but get a DMARC extension for future drops.
0
 
LVL 3

Assisted Solution

by:corower
corower earned 250 total points
Comment Utility
erm.. guys, i guess, your'e digging a bit deeper, than is needed.

essentially, what we know (definately) - i'll draw an ascii picture.
new prov                            old prov
\\					//
 ??                                    //
[ C 2900 ]  --------(fo)--------  [ core ]
  edge  

Open in new window


from my POV - throwing a vlan through existing infrastructure is perfectly OK. vlan gives enough separation for your internal and external traffic. what must be taken into consideration is existing load on existing internal link, and expansion capabilities there. like if you use that fiber link (btw, is it 10G, 1G or 100M?) heavily, and want to add to that like another 1G (internetz) - it might not be the best idea to continue without upgrading that link. then if you plan to use another fiber link - create an etherchannel, and have gain in both speed and redundacy. what you loose is only sharp boundary between core and edge.
0
 
LVL 20

Author Comment

by:netcmh
Comment Utility
My concern with allowing that traffic through existing infrastructure is the possibility of vlan hopping.
0
 
LVL 76

Accepted Solution

by:
arnold earned 250 total points
Comment Utility
IMHO, you will eventually have to extend the DEMARC into the server room to maintain the most flexibility dealing with bringing additional lines in.  The impact while you are in a transition period is limited versus when you are in full production where downtime is inevitable.

Extending the demarc deals with having a CAT 3 cable with patch pannel on each end connected. (Make sure whoever runs the CAT3 extensions properly marks up the Patch pannels on each side i.e. 1 on patch panel in the server room matches up with 1 on the patch panel in the new location where the dmarc was dropped, office space).    It does not disrupt the circuit in any way until it is connected and then you would have the carrier come out and reconnect the circuit from the current drop onto the DMARC extension Cat 3 patch pannel, and then have them connect it into an existing smartJack where they would only need to add the T1 CARD, or they would need to place a new SmartJack Box in the server room.
At this point you will be able to take the RJ48 T1 from the smart jack into your Core router's Serial port which you can pre-configure.  etc.

The disruption will be the duration of the reconnecting of the lines to the patch pannel and then from the server room patch panel to the smartjack and the smartjack to router connection.

once this is done, any additional circuits you bring in via this dmarc can use the DMARC extension and get to the server room.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
To be clear, usually extending a DEMARC is done using a 25 pair cat 3 cable with plenum connections on each end.
With a patch 66 block on each end.
0
 
LVL 3

Expert Comment

by:corower
Comment Utility
netcmh - are those two switches (core/edge) your or this is leased/shared infrastructure ? if they're yours, basic security (like no vlans on non-memberports, and so on) gives you a complete isolation. even Wiki article on vlan hopping gives cisco config examples, that completely address this issue.
0
 
LVL 20

Author Comment

by:netcmh
Comment Utility
@corower: could you give me that link?

@arnold: thank you for that detailed explanation.
0
 
LVL 3

Expert Comment

by:corower
Comment Utility
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now