Firstly, I'm not a network expert but I am trying to learn, my background is more general security.
We are setting up a new data centre and a query was pushed my way that I didn't really like the look of.
We have 2 connections coming in to one of our sites, one from our MPLS (DR) and one from our LES circuit (New DC), I believe both are 1Gb fibre. (We have redundant kit and circuits)
It was suggested that we change our current architecture from using Cisco 2960-x as our WAN switches where our external connections terminate, to both lines terminating on our core switches. I refused this as I feel, although logically separated, it's not appropriate for WAN traffic and LAN traffic to be on the same switch. Our providers have had DDOS attacks before and it heavily impacted us the last time, am I right in thinking it would be even worse with both LAN and WAN on the same switch?
Their suggestion following this push back was to use our Cisco ASA 55xx firewalls as a termination point, but I couldn't think of any reason not to, other than scalability. What are the pros and cons of this? I know we would lose some functionality that we apparently aren't using anyway, but are there security implications?
I'd appreciate any input to this anyone can give please. As a side note, they have also suggested going straight into the cores at the DC, which will also have general internet based traffic.
Thanks for your help.
TL;DR: New data centre and trying to figure out where to/ where not to terminate our WAN and internet circuits and the pros/ cons of the solutions.
No comments:
Post a Comment