Sunday, September 23, 2018

Need some advice on a Nexus deployment

Hey everyone!

This past week our main Nexus/Cisco NetEng was let go from our workplace, and I've been asked to step in and continue the Core redesign project he had started.

We currently have 2 locations that each have a 6509 Chassis that we need to replace/upgrade as our core switch. We have Nexus 5k's (5596's) that we are going to move over to. Some starting work was done with this, and some initial links were moved to this (routed back through the 6509 for the time being). We have several Nexus 3k's (3048TP's I believe) that we are going to use for Access layer (our networks aren't large enough in my thought to justify needing a distribution layer for at least the next 5 years or so).

As this is going to be my first core rebuild using Nexus, I wanted to check and see if I'm looking at this the right way. Our current setup is:

In our DC (where I want to try and focus first) there are 9 racks, not fully populated (we could slim down to 6, but don't want to move anything if we don't have to). We have several shelves of Oracle NAS storage, and servers running VMs for all of our network and production gear. We have 4 dedicated 'zones' for how our traffic is segmented: Trust (internal/corp), DMZ (internal but NATs through our firewall for external in/outbound traffic), Guest wireless and External/Untrust. Some of the servers have separate links for internal and DMZ connections based on the needs.

My thoughts on this build are:

Use the 3k's we have as access layer. Begin by setting up the switches back to the core with two 10G links minimum each in PC Trunks with the VLANs that are needed for those sections. Deploy the 3k's in 'separated' segments, as in a switch for Internal is dedicated to all trusted/corp, another for the links that go to the DMZ. We currently have a set of switches that is dedicated for part of the NAS deployment, but I need more feedback from the server team to see if we can merge all the traffic on one, or if we need to separate it out to give it more bandwidth or recovery.

I'm also wondering if we should deploy the 3k's in stacked pairs (VPC or HSRP, still reading up on the specifics of how this works), or if we could/should do single switches, and have a spare available to drop in if something goes south.

I'd really appreciate some feedback on this from anyone that may have done a similar deployment or has one. Forgive me if my phrasing or ideas are completely wrong; I'm learning on this and want to make sure I do it right from the start! :)


