Monday, April 19, 2021

Walked into this network today for a new company...thoughts?

https://ibb.co/jVttxKk

Is this pretty bad, or has anyone seen something similar to this? Said company is a financial provider that uses that same setup to connect multiple DCs. Firewalls handle most of the routing. The firewall on the right is used solely for datacenter interconnects, which are connected via the switches, then trunked up the port channel via L2.

It seems like an entire set of devices (routers?) are missing here.

Current thoughts.... Ditch the firewall on the right used for cross-datacenter connectivity. Get a set of routers. Run L3 uplinks from the switches to said routers. A few things I'm not sure of... where to terminate the cross-DC links? Is it reasonable to plug them directly into the "core" TOR switches and run a /29 p2p cross-DC? Or is this maybe best connected at the router level? Also, how to replace the encryption performed by the "cross-DC" firewalls?.. MACsec?

Be gentle please...not really used to a network like this, and while it seems functional as per the staff, it seems to not be very scalable and also a nightmare to maintain. Am I incorrect in that assumption?

Any thoughts appreciated.