Tuesday, April 9, 2019

Network security design question

I have an enterprise network with 2 data centres connected by MPLS (provided by the ISP). They are mirrors of each other and the performance is really bad (decisions previously made by other parties, but that's not the point; we are where we are).

My current situation is that the ISP provides us with a router which we use to connect into their MPLS/internet services. That connects into our firewall, which acts as the router and has VPNs going to the other data centre over the MPLS and to the user networks. Then there are a couple of Aruba 2920 switches @ 1 Gbps, which are connected to a few ESXi hosts @ 1 Gbps. We host a few web servers, app and SQL servers, as well as standard enterprise servers.

ISP Router

Firewall - Layer 3

Access layer switch - Aruba 2920 :( - Layer 2

ESXi hosts w/ servers

I want to change this by adding another layer 3 switch in between the firewall and the access layer switches, and upgrading the existing access layer switches to something a bit more... data-centre capable, with 10 Gbps across the LAN.

My question is, implementing the intended changes, where would the 'firewalling' and security fit in?

I want to get away as much as possible from using the firewall for layer 3 across the LAN and can't figure out how this would be implemented.

*Note: This is all hypothetical, and I would consult with professional services for opinions before putting anything into motion.
