Help with network design
Hi
I have a network with a Layer2 link back to a datacentre which provides our internet connection. We have no firewall onsite at present but are looking to install one.
We have ordered an internet connection on premise.
We want to keep our Layer 2 connection and make use of it somehow.
We want to use the new internet connection on-premise and a firewall to route the internet. What's the best way to do this?
ASKER
@bbao Yes, exactly, MPLS from on-premise to the data center
@aamodt OK great, so I should remove the routing from my Layer3 node?
Yes, remove the routing from your Layer3 node
ASKER
How about if that isn't an option for me?
Guess you can connect the firewall in front of the Layer3 node and have a "default" route from the Layer3 node to the firewall,
and then on the firewall you split the traffic out to the L2 link or the "World/internet".
If that makes some sense.
But best is to skip the extra hop if possible.
You can also use the firewall for internet traffic and the Layer3 node for L2 traffic.
I have kind of that solution on one instance in our network.
ASKER
Yes, that's what I'm looking for: firewall for Internet traffic and Layer3 node for L2 traffic.
Leave the "Layer 3 Node" (which I assume is a layer 3 switch) in place, so you can use the Layer 2 link to the DC for backup internet. Use the new firewall for your primary internet.
I would just place a higher metric on the default route on the Layer 3 switch pointing to the DC, and add a lower metric default route pointing to the firewall.
Add a /30 between the layer 3 switch and firewall. If you have any additional questions, message me.
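The route selection the answers above describe (firewall as the primary default, the Layer 2 link for datacentre traffic and as a backup default), modelled as an added example that is not from the thread. The addresses, metrics and the `select_next_hop` helper are assumptions, as is a switch that withdraws a static route when its next hop is unreachable.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread):
#   10.255.0.0/30  transit link: Layer 3 switch .1 <-> firewall .2
#   10.20.0.0/16   datacentre networks reached over the Layer 2 link
#   10.254.0.2     datacentre router at the far end of the Layer 2 link
FIREWALL = "10.255.0.2"
DC_ROUTER = "10.254.0.2"

# Static routes on the Layer 3 switch: (prefix, next hop, metric)
ROUTES = [
    ("0.0.0.0/0",    FIREWALL,  10),   # primary default: on-premise firewall
    ("0.0.0.0/0",    DC_ROUTER, 200),  # floating default: backup via the DC
    ("10.20.0.0/16", DC_ROUTER, 10),   # DC traffic stays on the Layer 2 link
]

def select_next_hop(dst, routes=ROUTES, down=frozenset()):
    """Return the next hop for dst, or None if no usable route exists.

    Routes whose next hop is in `down` are withdrawn first; then the longest
    prefix wins, and the lowest metric breaks ties between equal prefixes.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [
        (ipaddress.ip_network(prefix), hop, metric)
        for prefix, hop, metric in routes
        if hop not in down and addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    # Sort key: longer prefix first, then lower metric.
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

if __name__ == "__main__":
    for dst in ("198.51.100.7", "10.20.5.9"):
        print(dst, "->", select_next_hop(dst))
    # Firewall unreachable: the floating default takes over.
    print("firewall down:", select_next_hop("198.51.100.7", down={FIREWALL}))
```

While the floating default is active, internet traffic leaves through the datacentre path and does not cross the on-premise firewall, so whatever filtering applies there is the only policy in force during failover.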
> MPLS from on-premise to the data center
Can we know what physical devices are there at the two ends of your MPLS running from your office to the data center?
What do you actually mean by an L2 link? MPLS from on-premise to the data center?