Wednesday, January 17, 2018

DR WAN link to backup datacenter for failover help

Hello, I'm trying to build out a DR site that is connected with my primary site. I have a COLO about 20 miles away that is provided by my ISP, and I have a QinQ 100 Mbps link, shared with my internet, between their network and my network to carry layer 2 VLANs.

My objective is to place older hardware in the DR site to serve as offsite backup storage and failover for our virtual machines. We opted to have layer 2 services provided vs. layer 3 to be able to transparently fail over to the site without needing to re-IP, which minimizes the impact to our computing services in the event I lose my primary datacenter.

I want to know the best way to link/route the network in the DR site to my production network and correctly route traffic from VLAN 100 to VLAN 1000. My background and knowledge quickly runs out and I need some guidance on the best way to accomplish my goal.

This being said, what would you do if this was your network and you stuck with the layer 2 link? I'm not specifically asking for the exact configs but for a design that has been vetted by networking experts that will put me on the right track. I don't know what I don't know, and that makes this hard.

My plan was originally to put some static routes on the routers, but in my testing I ran into major difficulties. In particular, I planned on using the 10.0.4.101/24 network ganged up on VLAN 100 to generate the static routes, but the SonicWALL will not let me assign 2 IPs on a single virtual interface. I was trying to avoid cross-contaminating IPs from one site to the other, except for the VMs if they were to fail over.

I have tried setting up routing on the switches and had some limited success getting pingable access between the VLANs, but it looks like the Dell 6248s wanted additional configuration and would not pass traffic. My management VLAN on the 6248 is VLAN 100 and it won't let me route that VLAN, which ultimately is very annoying. I tried setting up some alternate configurations where VLAN 100 was not the management VLAN but ran out of time to test last weekend.

I've spent some time Googling but I tend to find a bunch of stuff where people are like "hey, don't span VLANs across sites". I've tried some other smaller things but haven't had much luck. Right now my plan looks like this:

I've got a few questions but these may be pointless depending on your recommendations.

  • Will my 2 routers/FWs fight if they are both configured on the VLANs and set to route traffic from one VLAN to another? I.e., both have VLAN 100 and 1000 configured and static routes in place to allow traffic from one network to the other?
  • Could I utilize the layer 3 capabilities of my switches to facilitate the routing? I'm thinking this would offload quite a bit of traffic from the routers, primarily the replication traffic I will generate. In my mind, I've pictured all data that crosses the 2 VLANs flowing through a router.
  • I want to limit ingress of traffic to the 1000 VLAN to protect the assets in the DR site. I'm assuming the routers can accomplish this task with some access rules?

Note: Later on, I'd like to take the knowledge I learn here and extend it to improving my primary site.

TL;DR: A networking-novice sysadmin is trying to go into advanced networking without any real knowledge other than that he doesn't know what he's doing.
