1 Reply Latest reply: Dec 6, 2018 10:06 PM by Marwan Alshawi

    Enterprise Design Network

    Matheus

      Hello guys,

      I would like to hear about your experience designing small to medium/large networks.

      When you have ISP - 2x firewalls, then 2x cores in VSS or vPC, would you design a point-to-point link from the firewall to the core, so from the firewall do 0.0.0.0/0 to the cores,

      or would you suggest a better approach for security and best-practice design?

      eve.PNG

      Does anyone here design small to medium/large networks very often? Which best practices do you follow when designing networks?

      Thank you,

      Matheus

        • 1. Re: Enterprise Design Network
          Marwan Alshawi

          If I understand your question correctly, your concern is about the connectivity from the edge FWs to the network core, whether it is MEC (vPC/VSS) vs. routed L3.

          With MEC, vPC and VSS work slightly differently: with vPC it will be a bit tricky to have routed traffic over the vPC peer link. I think a new NX-OS may support it (you need to check). You will need a separate inter-switch routed interface for the routed FW traffic.

          With VSS you should be fine.

          That being said, as to which one is better, MEC or routed L3, I would look into the convergence time as well as whether you need the traffic to be distributed across both core switches or not. These should be your evaluation criteria.

          Not sure if you do 0.0.0.0/0 to the core, because I am assuming your FWs are connected to the ISP, in which case the core needs to have the default pointing to the FW, unless I am mistaken.