1 Reply Latest reply: Dec 6, 2018 10:06 PM by Marwan Alshawi

    Enterprise Design Network


      Hello guys,


      I would like to hear about your experiences regarding the design of small to medium/large networks.


      When you have ISP - 2x firewalls, then 2x cores in VSS or vPC, from the firewall to the core would you design a point-to-point link, so from the firewall do to the cores,

      or would you suggest a better approach for security and best-practice design?






      Does anyone here design small to medium/large networks very often? What best-practice approach do you take when designing networks?


      Thank you


        • 1. Re: Enterprise Design Network
          Marwan Alshawi

          If I correctly understand your question, your concern is about the connectivity from the edge FWs to the network core, whether it is MEC (vPC/VSS) vs. routed L3.

          With MEC, vPC and VSS work slightly differently, as with vPC it will be a bit tricky to have routed traffic over the vPC peer link. I think a new NXOS may support it (you need to check); you will need a separate inter-switch routed interface for the routed FW traffic.

          With VSS you should be fine.

          That being said, as to which one is better, MEC or routed L3, I would look into the convergence time as well as whether you need the traffic to be distributed across both core switches or not. These should be your evaluation criteria.

          Not sure if you do to the core, because I am assuming your FWs are connected to the ISP, in which case the core needs to have the default pointing to the FW, unless I am mistaken.