I am working on a SD-access and data center networking design with green field deployment for our company I have attached a diagram to illustrate the design.
Firewall would connect outside to fabric borders which has connectivity to Internet, WAN and DMZs. In addition, those firewalls are used for East-West traffic between servers in server farm as well.
Here are some technical questions prior to finalizing the low level design.
1- At first place, is it a valid design? I would love to have your valuable inputs and recommendations.
2- For now, there is no plan for micro-segmentation using ISE and SGTs by customer. That said, macro-segmentation is way to go in the fabric for segmenting traffic between Corporate users, IoTs, Guest etc. VNs
In the design, I will use data center distribution switch for L3 handoff to handle communication between separate VN’s or VRF or from VN/VRF to Shared services residing at the Data Center. I want to ensure internet/unknown traffic originating from campus users is routed directly to firewalls.
What is recommended approach to accomplish it?
3- How should routing be configured when North-South traffic from clients to servers when some servers have network segment behind firewalls? I am guessing I have to creates VRFs on Data center switch then import them Campus VNs!
4- There would be full mesh connectivity between Border nodes and Fusion devices and cross-links between redundant border devices. What routing protocols and configuration will be needed ensure no traffic is disrupted if any link or device fails?
5- I have some IoTs devices for Building Management Systems (BMS) like HVAC, Campus Security and their servers are located in data center block, however these devices should have L2 adjacency with the server ? What is the optimal solution since all the links in campus fabric is L3.
Hoping for valuable suggestions from the great experts in his reddit. Thanks in advance.
No comments:
Post a Comment