Hi engineers
I'm having trouble deciding between the following two designs for the WAN edge:
- WAN aggregation - all intenet/MPLS links terminate on a HA pair of routers
- No aggregation - each internet/MPLS link terminates on a separate router
Design 1 is one control plane so it has easier management but the downside similar to stacking is that one control plane error can bring down your WAN or a software upgrade, etc. However, Design 2 eliminates the shared control plane but you have more devices to manage. A failure of one device only brings down that one internet or mpls circuit.
What are your experiences with both of these designs and what devices would you recommend for a 200-user shop? Four branch offices with around 10 users max. I'm currently looking at the FortiGate 100E for HQ and 60E for branches. I want to support S2S IPSec tunnels as well.
Thanks for your input.
No comments:
Post a Comment