Hi architects and design engineers of r/networking; I'm interested in your views on enterprise (Internet) gateway environments with respect to modern data centre fabrics such as Cisco ACI / VMware NSX, and how (if) you see them being used to consolidate what were previously quite separate network modules.
I'm mainly involved with government networks, and those that are allowed to hit the Internet have traditionally had a gateway environment that includes:
- border routers;
- one or two layers of firewalls;
- DMZ load balancers;
- compute hanging off of those firewalls; and
- an internal layer of routing that peers to the network core routers.
Then, also attached to the network core routers is the data centre environment, which would typically have:
- data centre core routers;
- potentially some service nodes (firewall / load balancers);
- and of course large layer 2 domains to support workload mobility on top of a bunch of compute.
Now add software-defined data centre (SDDC) solutions to the mix, which boast easier segmentation and service chaining capabilities (among others), and I often wonder if the SDDC should also provide the compute and service nodes for the DMZ as well, self-contained in its own SDDC tenant. And if you're already attaching the gateway environment to the SDDC for compute, perhaps the SDDC should provide all connectivity for the gateway infrastructure devices (border routers, firewalls, load balancers, etc.)?
TL;DR: where would you draw the line for consolidating gateway/core/data centre connectivity using SDDC solutions?