Monday, July 27, 2020

Help with a small DC "2 internet service tiers" design

Hello, redditors, this is a follow up on this post I did some days ago and some of you helped me (thanks): https://www.reddit.com/r/networking/comments/humimc/help_with_a_service_design_approach_that_requires/

It came to my attention that my main issue is the way the network was set up initially. It was never meant to work like this (2 networks that must locally see each other, but one must use specific internet routes and the other some other internet routes); actually our hardware at the core doesn't even handle more than 15k hosts plus some (1000 or so) IPv4 hosts. So I am trying to redesign it with new gear and trying to be as cheap as possible (well, because I was asked to be). More information is in the post I linked above; however, I'll add a bit more background.

This is a DC whose only service is colocation/VPS + internet (every host gets one or more public IPs, that's it). We don't have anything fancy internally, and in the past 3 years at any given time there were no more than 5k hosts active (mostly virtual) and no more than 50 VLANs active. I say this because I'm not considering anything related to VXLAN due to this (it will likely cost more and we don't really have that many VLANs).

My idea here is to just leverage MPLS, VRF and VRF leaking to build some "service pods", so a service pod is a pair of core/dist switches and any number of access switches (plain L2). Very simple design: CORE/DIST, ACCESS. This would allow me to change a server or host from/to networks by just changing its VLAN. This would also allow me to receive circuits on any edge; I just use the VRF to classify it.

Core switches would need to learn around 50k IPv4 routes plus no more than 20k MACs and 20k ARP/NDP records at the most in parallel (in reality I don't even expect we'll need to handle more than 15k hosts atm, I am just making it bigger). Please see the following image for reference:

https://imgur.com/a/x521txu

Now, my concern is finding switches that can handle this that are "cheap" (let's put a number: 10k USD or less). For the routers I believe I can still make use of the ASR1001-X I've got. ISP-A and ISP-B send full IPv4+IPv6 routes; the IXP sends around 120k routes v4 and around 25k v6.

Any suggestion on brands/models or any suggestion or issue about this design?

My other idea is really to just simplify this even more... no VRFs, just separate and have "1 core/dist" for the regular network and another for the "special network", then just BGP and BGP policies. For the internet, just a default route towards one of the routers, which will only handle either "regular network outbound" or "special network outbound", as in, send to a router and it'll know how to handle you.

But this doesn't allow me to just change VLANs to change from one network to the other (it requires physically moving the server to a different access switch, likely a different rack), plus this also means that I must define some edge routers to be "special network only" or "regular network only" (to avoid the usage of PBR, just plain BGP policies).

Thank you for any help!
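As an added illustration (not part of the original post, and not the poster's configuration), the following Cisco IOS-style fragment sketches the VRF-leaking variant described above: two VRFs on the core/dist pair that import each other's connected prefixes so the tiers see each other locally, while each keeps its own default route towards a different edge router. The VRF names, AS 65000, route targets and the RFC 5737 documentation addresses are assumptions; only IPv4 is shown, an ipv6 address-family would mirror it.

```cisco
! Added example, not the poster's configuration. VRF names, AS 65000,
! route targets and the documentation (RFC 5737) addresses are assumed.
vrf definition REGULAR
 rd 65000:10
 address-family ipv4
  route-target export 65000:10
  route-target import 65000:10
  ! import SPECIAL's exported prefixes so the tiers see each other locally
  route-target import 65000:20
 exit-address-family
!
vrf definition SPECIAL
 rd 65000:20
 address-family ipv4
  route-target export 65000:20
  route-target import 65000:20
  ! import REGULAR's exported prefixes
  route-target import 65000:10
 exit-address-family
!
! Moving a host between tiers is then only a VLAN change on its access port.
interface Vlan100
 vrf forwarding REGULAR
 ip address 203.0.113.1 255.255.255.0
!
interface Vlan200
 vrf forwarding SPECIAL
 ip address 198.51.100.1 255.255.255.0
!
! Each tier keeps its own default towards the edge router that carries that
! tier's internet policy (next hop reachable via an uplink in that VRF, not
! shown). The statics are deliberately NOT redistributed into BGP, so the
! 0.0.0.0/0 of one VRF is never leaked into the other through the route targets.
ip route vrf REGULAR 0.0.0.0 0.0.0.0 192.0.2.1
ip route vrf SPECIAL 0.0.0.0 0.0.0.0 192.0.2.129
!
! Only connected (local VLAN) prefixes enter the VPNv4 table and get leaked.
router bgp 65000
 address-family ipv4 vrf REGULAR
  redistribute connected
 exit-address-family
 address-family ipv4 vrf SPECIAL
  redistribute connected
 exit-address-family
```

A quick check after applying this is `show ip route vrf SPECIAL`: it should list REGULAR's VLAN subnets as BGP routes but only SPECIAL's own 0.0.0.0/0, confirming that the leak carries local prefixes and not the other tier's internet path.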
