Sunday, May 5, 2019

Is "Router on a Stick" still a viable option

Please don't beat me up over this question, but I'm wondering if this is the best option for our organization. We are a medium-sized organization with probably around 75 - 100 subnets. Our current setup is a mix between 1G and 100MB switches in probably 10+ closets around our organization. Each closet has a layer 3 switch with a 10G uplink back to a 10G core. Each subnet ends with the gateway in its own closet. We then use static routes (just how it was set up) to route to each closet and the other various infrastructure. We've been slowly upgrading every access switch to 1G PoE+ ports and we've been rethinking the 10G uplink in each of these closets.

One thing to note is that we are a medium-sized non-profit, so budget is very, very important. My first thought was to use Ubiquiti EdgeRouters as the gateway, but they don't have 10G ports with the exception of their Infinity router, which is above our budget. We've recently fallen in love with pfSense, and our latest thought is to just buy a bunch of those, install them as the gateways in the closets, and finally move everything to OSPF and essentially not use the firewall function of pfSense. Given our budget restrictions I don't think this is a terrible plan (would love to hear thoughts though).

But tonight I actually got to thinking a little bit more and wondered if "router on a stick" isn't actually a better option. The only major downside to this would be that we would need to be careful about which VLANs are tagged in the core so broadcast traffic isn't being moved to unnecessary switches. And given that we only need to buy one router (or two for redundancy), we could spend a bit more to get a better product. We also have a lot of security cameras, access points and phones; we could have one or two big VLANs for all those devices as opposed to the 10-plus we have currently. In regard to cross-VLAN traffic, there is some, but we are moving our email and file storage to the cloud and I can't imagine we have enough of it to actually max out the router's processing. Having routers in each closet seems like a solution to a 2008 problem, which is that of bandwidth.

To me, it's starting to seem like a good idea, but I'm curious, is it? Is it common for a medium-sized org with this many switches/subnets/devices to have it all route through one device? Or should we just stick to the current plan? I guess it comes down to having one router in the distribution layer versus multiple. Or, better yet, do you have any better recommendations? Thanks for your time!
